download issue 24 here - Help Net Security
While I'm of the opinion that the economy is done bleeding for the most part, it does not mean that I believe we'll be back to the glory days anytime soon. That produces a big challenge in 2010 for CIOs, who are trying to piece together a series of legacy, new and specialized network systems to optimize data and productivity without sacrificing their security posture in the process.
While easier said than done, it is by no means impossible. What's more, CIOs are not alone, and there are plenty of best practices to do this. That's because the issue is not new, despite the negative impacts to an organization's competitiveness, manpower requirements and operational risks. The upfront capital and personnel costs to upgrade systems become difficult to justify. So while the goal of implementing new, integrated platforms is still on the wish list of many IT departments, here's how companies can deal in reality, and systematically ensure that all their systems are working together in the most secure and efficient manner possible.
Review goals before setting policies<br />
Security policies are usually modified and updated when an organization implements a new system, setting certain rules and guidelines for that particular piece of software or equipment without much regard to their relevance to today's environment or impact on other networks. In fact, many policies over time can be so conflicting as to make them practically useless. This is why CIOs need to take the time to conduct a thorough review of their policies for such issues. The best way to do this is to first determine what their overall goals and objectives are in preserving and protecting their organization's precious data. As daunting as that sounds, there is help at little to no cost. For example, the well-renowned SANS (SysAdmin, Audit, Network, Security) Institute offers a Security Policy Resource page on its Web site (www.sans.org/security-resources/policies/). The free program is a consensus research project of the SANS community, and is designed to offer small to medium-sized
www.insecuremag.com 45