05.02.2013 Views

download issue 24 here - Help Net Security


While I'm of the opinion that the economy is done bleeding for the most part, it does not mean that I believe we'll be back to the glory days anytime soon. That produces a big challenge in 2010 for CIOs, who are trying to piece together a series of legacy, new and specialized network systems to optimize data and productivity without sacrificing their security posture in the process.

While easier said than done, it is by no means impossible. What's more, CIOs are not alone, and there are plenty of best practices to do this. That's because the issue is not new, despite the negative impacts on an organization's competitiveness, manpower requirements and operational risks. The upfront capital and personnel costs to upgrade systems become difficult to justify. So while the goal of implementing new, integrated platforms is still on the wish list of many IT departments, here's how companies can deal in reality, and systematically ensure that all their systems are working together in the most secure and efficient manner possible.

Review goals before setting policies<br />

Security policies are usually modified and updated when an organization implements a new system, setting certain rules and guidelines for that particular piece of software or equipment without much regard to their relevance to today's environment or impact on other networks. In fact, many policies over time can be so conflicting as to make them practically useless. This is why CIOs need to take the time to conduct a thorough review of their policies for such issues. The best way to do this is to first determine what their overall goals and objectives are in preserving and protecting their organization's precious data. As daunting as that sounds, there is help at little to no cost. For example, the well-renowned SANS (SysAdmin, Audit, Network, Security) Institute offers a Security Policy Resource page on its Web site (www.sans.org/security-resources/policies/). The free program is a consensus research project of the SANS community, and is designed to offer small to medium-sized

www.insecuremag.com 45
