Security Software Basics
Create security policies to match the size and culture of
your business. Policies must be written, enforced, and continually
updated. Maintain configuration management through Security
Policy implementation and systems hardening.
Inventory:
As a business owner, you should establish a "computer
software and hardware asset" inventory list and create a lifecycle
plan for each piece of hardware and software. Classify data
by its usage and sensitivity. Applications critical to infrastructure
and essential data should be recognized.
Ownership:
Establish owners of all data assets. Identify the data covered
by specific regulations and requirements. Many State and Federal
laws provide specific guidelines related to managing data
that contains personal information and credit card details.
Budget:
Prepare a comprehensive budget and ensure that security is
a specific budget line item. Anticipate necessary software
and hardware upgrades that are required to keep systems operational
and protected. Budgeting for preventative maintenance will result
in less downtime and also save money.
Update:
Maintain patch management on all systems. Follow a regular
schedule for applying operating system and software patches
and anti-virus updates. Regularly download recommended security
updates and patches for operating systems and other software
critical to operations.
Testing:
Maintain operational management by reviewing all
log files, verifying system backups with periodic data restores,
and reporting any known issues or risks. Perform security testing
through annual security audits and penetration scanning. Ensure
physical security of systems and facilities.
Backups:
Perform scheduled backups of main systems and local drives
on a regular basis. Monitor log systems to ensure that backups
were completed, and test tapes to make sure that backup systems
are functioning properly. Data recovery is expensive and not
always effective; a good backup system will avert
catastrophes.
Limit:
Limit access to key personnel. Both data and application access
can be sensitive. Employees should only have access to files
which are necessary for them to perform their duties.
Stay Alert:
Monitor news for specific security alerts that relate to critical
software used within your organization. Many software companies
provide alerts via RSS feeds or email lists. Search Security
Protection (http://www.security-protection.net)
for feeds related to specific security concerns.
A proactive systems management and security plan will often
result in increased productivity and less downtime.
About the Author:
Francesca Black develops educational material for
http://www.security-port.com and http://www.security-protection.net,
a top resource for locating security-related RSS feeds.