Best Practices For Department Server and Enterprise System ...

Ensure that each user isauthenticated before access isgranted.Have process in place to clean upaccounts once the user no longerrequires access to the database.Enable auditing and logging featureson the system to capture pertinentinformation pertaining to all useractivities.Have a security assessmentperformed on the system, includingpenetration testing.Install host-based security tools suchas Intrusion Detection and FileIntegrity Checkers for informationthat contain mission critical dataand/or confidential data.Disable all unnecessary services onsystem.Ensure that each user is authenticated beforeaccess is granted.Have process in place to clean up accountsonce the user no longer requires access to thedatabase.Enable auditing and logging features on thesystem to capture pertinent informationpertaining to all user activities.Have a security assessment performed on thesystem, including penetration testing.Install host-based security tools such asIntrusion Detection and File IntegrityCheckers for information that containmission critical data and/or confidential data.Disable all unnecessary services on system.OperatingSystemSecurityUse Minimum SecurityConfiguration Benchmarks – fromthe Center for Internet Security(supported by NSA, DISA, DHS,and NIST and security experts frommore than 100 other organizations).Use Minimum Security ConfigurationBenchmarks – from the Center for InternetSecurity (supported by NSA, DISA, DHS,and NIST and security experts from morethan 100 other organizations).Page 3 of 8