Procedures in preventing threats to information security
Many organizations have employed a number of security measures to protect its information from getting to its competitors or other source that would illegally misuse its information. The following deals with areas that when implemented can assist in preventing threats to information security:
If you have multiple operating systems in the environment such as UNIX, Windows NT/2000 and Netware, then you should also have a group of personnel who specialize in these areas performing release updates, monitoring log files, conducting regular checks in the firewall audit logs and so on. Performing these regular updates and monitoring will make it more difficult for a security threat to occur.
It is a good idea to have a switched network. Besides enhancing performance, switches provide the capability to set up the network traffic so that in the event of a suspected attack the entire network may not be affected. If you think you have been attacked, then after you isolate the network look for any unauthorized login attempts; one area to check first will be the audit log files.
Ensure that backups are current and that backup routines are properly followed. By practicing regular restore operations you can discover any corrupt data written during backup. This makes it a lot easier to restore in the event of an attack or equipment failure, because you
- know that the data being restored does not lack integrity.
Backup equipment should be readily available for major devices such as routers and hubs in the event of a failure of these devices. Don't depend on third-party vendors for the supply of backup equipment.
Always update your network documentation and procedures whenever you make changes to the network. This sounds obvious, but . . .
Have competent personnel capable of providing backup support in instances where response team members are unavailable.
Having backups stored in a secured offsite location is one way to ensure that the data is safe. Test the quick availability of this backups periodically.
Adesh Rampat has ten years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute For Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Did you like this tip? If so, (or if not) why not let us know. Send an e-mail to us and sound off. Or visit our tips page to rate this tip, or submit one of your own.
Information Security Management Handbook, Fourth Edition, Volume Two
Author : Harold F. Tipton
Publisher : CRC Press
ISBN/CODE : 0849308003
Cover Type : Hard Cover
Pages : 640
Published : Oct 2000
The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly. Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems.
This was first published in March 2001