What you can do to protect your assets:
- The identification of key weaknesses in computer systems, nodes on a network, clients, connectivity and training.
- Policies and Procedures that ensure all levels of the company are in compliance with standards set by the company.
- Activities include hierarchical structure, authorization, implementation, disaster recovery and planning.
- Information from vendors is archived.
- Information from customers (clients) is logged.
- Communication along internal paths of the company to ensure all areas of protection are available.
- Assessment of hardware firewall.
- Assessment of Software Patches and Service Packs.
- Management of all personnel.
- Auditing of logs and change orders.
- Monitoring of performance of all nodes on the network.
- Monitoring of government and for-profit security alert sites.
Company Security and Auditing Controls:
- Communication
- Poor or lack of judgment
- Lack of training
- Lack of concern
- Disgruntled employees
- Lack of review
A small list of duties below is required to keep data protected:
- Periodic changes of passwords
- Updating of policy and procedures
- Auditing server logs
- Auditing firewall logs
- Researching new malicious threats at third party information sites
- Physical security
- Applying patches
- Applying service packs
- User management
- Monitoring spyware/malware
- Monitoring new installs
- Monitoring performance
- Monitoring IDS systems
- Monitoring anti-virus protection
Control, auditing and implementation of a network:
- Periodic control of Operating System Patches
- Virtual Private networking to Domain Servers with Student Information Systems Software from staff workstations
- Periodic control of Operating System Service Packs
- Anti-virus software installed on each workstation, including student workstations
- Spyware/malware control measures
- "Pop up" control measures
- Application updates (e.g., Microsoft Office and related)
- Software Update Services Server installed to push updates approved by administration
- Documented Policy and Procedures, school level
- Documented Policy and Procedures, board level
- Active Directory Server login for staff to establish IT Policies
- Applications with logging of activities (customized)
- Application and Security Logs running on Servers
- Network Address Translation used at firewall level
- DMZ (demilitarized zone) used on web server
- Hardware firewall (three-homed) used with logs and specific port number restrictions
- IDS (Intrusion Detection System) in place and monitored
- Traffic monitor in place to monitor inbound, outbound and intranetwork packets
- Disaster recovery plan in place

These tips are listed in the Bright Hub articles: ThE r4vEN