Five Warning Signs Your Security Policy Is Lacking
Warning signs of a weak security policy from SunGuard Availability Services.
Security always ranks at or near the top of any survey about the concerns of IT professionals. It has been that way for years. But no matter how much attention is paid to security issues, new threats and old bad habits continue to put your network and data in jeopardy.
Security needs to be completely ingrained in everything your IT team does, from application development to data management to end-point maintenance. In other words, it needs to be a matter of policy.
The Security Infrastructure Policy, from our partners at Info~Tech Research Group, is a great starting point for outlining the basic layers of infrastructure security required in today's business computing environment. The tool is available for free download to IT Business Edge members here in the IT Downloads library.
The modifiable policy template covers the standard instruments for locking down your infrastructure.
Data security, in particular, is a critical and yet often overlooked security component. The policy states:
Data encryption systems will be configured to encrypt all portable devices, all backup devices and all data stores that house confidential or otherwise sensitive information. These systems will be centrally managed and will provide centrally managed key escrow.
Other standards in the policy tend to favor a "lock-down" attitude. The policy suggests, for example, that firewalls should block traffic by default and allow traffic by exception. The document is editable, of course, but heeding its advice on being hard-line about security will serve you well in the long run.
Of course, infrastructure is only part of the network security equation. User behavior (more often, misbehavior) can be a huge headache. Be sure to also check out this post, "Tips for Better Password Creation and Management," to help your team manage user passwords, which are still a lynchpin of network security. You can also read more about password management in "Three Tools for Proper Password Management" from our Paul Mah.