This excerpt is from Chapter 2, The Security Review Process, of Internet Security: A Jumpstart for Systems Managers and IT Managers written by Juanita Ellis and published by Elsevier Science.
It is 1860, and you are the bank manager. Your number-one goal is to keep the money safe. What steps will you take to keep the money from the men in the black hats? The first of these steps is to understand how the bank might be robbed:
- Will the robbers enter by the front door?
- Will they enter by the back door?
- Will they try to use explosives on the safe?
- Will they use social engineering to get the money? "Joe sent me down to get his money. Give it to me and I will give it to him in the bar."
- Will they try to use someone on the inside to help get the money?
Next, the manager will determine what steps are needed to keep the bad guys out:
- Use a safe with a combination lock.
- Put bars on the door.
- Get a security guard -- hire a gunslinger.
- Keep a gun and use it if needed.
- Train employees how to keep the money safe.
- And, most important, make sure that the bank manager knows the sheriff.
You will need to take similar action as the owner and/or manager of your network infrastructure. Using the following five steps will get you started with your security review:
- Start by reviewing the current state of the business.
- Analyze the technology currently being used.
- Start a risk analysis process.
- Create the plans.
- Begin your security implementation process.
Each step feeds into the one that follows it. This approach should be applied to each process or department within the business, as well as to the enterprise as a whole.