| Steps | Brief Description |
|---|---|
| 1. Security Policy | Create a security policy for your company to detect and prevent misuse, together with guidelines for internal investigations. Make sure the policy addresses limits on personal information such as employees' social security numbers, salaries, addresses, medical records, etc. |
| 2. Physical Security | Make sure your critical infrastructure has restricted physical access. Simply installing a locked entry to the computer room is often enough to prevent most insider incidents. |
| 3. Check New Hires | The more you know about an applicant's background, the better. Spend some time and money to screen potential employees before you bring them on board. |
| 4. Use Strong Authentication | On particularly sensitive systems, such as HR and accounting, use a combination of password and token authentication. Though it may not solve all of the problems, it is harder to fool. |
| 5. Secure Workstations | Make sure that users' computers lock after a set period of inactivity. |
| 6. Segment LAN | In a large network it makes good sense to segregate the LAN into a series of subnetworks, each with its own firewall at the point where it connects to the corporate backbone. |
| 7. Stop Information Leaks | Establish clear policies describing restrictions on disseminating confidential information. |
| 8. Log Internal Operations | Most companies don't have sufficient logging of their internal operations. If possible, invest in a network monitoring tool, such as NetIntercept, which can analyze the flow of information throughout the network. |
| 9. Internal Patching | Apply the latest patches and scan your most critical servers, such as e-mail, web and file servers, with anti-virus software regularly. |
| 10. Monitor for Misuse | Install video monitoring and keystroke logging on the critical servers. |
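Steps 8 and 10 above say to log internal operations and monitor for misuse but do not show what a review of those logs looks like. The following script is an added example, not part of the original checklist and not tied to NetIntercept or any other product: it reads a handful of constructed access-log lines from a sensitive HR system and flags three patterns an insider-misuse review typically starts with: access outside business hours, access from a workstation that is not on the allow-list, and a user pulling far more records in a day than their peers. The log format, hostnames, usernames, allow-list and thresholds are all assumptions made for the example.

```python
"""
Added example (not from the original checklist): flag suspicious access to a
sensitive internal system from constructed access-log lines.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, user, source host, action, record count.
# Every user, host and action here is invented for the example.
SAMPLE_LOG = """\
2023-03-06T09:12:44 jdoe hr-ws-01 VIEW_RECORD 3
2023-03-06T10:03:10 asmith hr-ws-02 VIEW_RECORD 5
2023-03-06T23:47:02 jdoe hr-ws-01 EXPORT_RECORDS 250
2023-03-06T14:20:31 bjones eng-ws-17 VIEW_RECORD 1
2023-03-06T11:15:00 asmith hr-ws-02 VIEW_RECORD 4
"""

# Assumptions for the example: the HR workstations permitted to reach the HR
# system, the local business-hours window, and the volume multiplier that
# separates a normal day from one worth reviewing.
ALLOWED_HOSTS = {"hr-ws-01", "hr-ws-02"}
BUSINESS_HOURS = range(8, 19)   # 08:00 through 18:59
VOLUME_FACTOR = 10              # flag users moving >10x the median daily volume


def parse_log(text):
    """Turn whitespace-separated log lines into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action, count = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "user": user,
            "host": host,
            "action": action,
            "count": int(count),
        })
    return events


def median(values):
    """Median of a non-empty list of numbers (used as the peer baseline)."""
    ordered = sorted(values)
    n = len(ordered)
    mid = n // 2
    return ordered[mid] if n % 2 else (ordered[mid - 1] + ordered[mid]) / 2


def find_anomalies(events):
    """
    Return a list of (kind, user, detail) tuples for:
      off_hours       - access outside BUSINESS_HOURS
      unexpected_host - access from a host not in ALLOWED_HOSTS
      high_volume     - daily record total far above the median across users
    """
    findings = []
    per_user_total = defaultdict(int)
    for e in events:
        per_user_total[e["user"]] += e["count"]
        if e["time"].hour not in BUSINESS_HOURS:
            findings.append(("off_hours", e["user"], e["time"].isoformat()))
        if e["host"] not in ALLOWED_HOSTS:
            findings.append(("unexpected_host", e["user"], e["host"]))

    baseline = median(list(per_user_total.values()))
    for user, total in per_user_total.items():
        if baseline > 0 and total > VOLUME_FACTOR * baseline:
            findings.append(("high_volume", user, total))
    return findings


if __name__ == "__main__":
    for kind, user, detail in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{kind:16} user={user:8} {detail}")
```

On the sample data the script reports the late-night export by `jdoe`, the access from the non-HR workstation `eng-ws-17`, and `jdoe`'s daily volume of 253 records against a peer median of 9. The point of the per-user baseline is that a single large export looks unremarkable in isolation; it only stands out when compared with what similar users do, which is the kind of question a review process under step 1 needs the logs from step 8 to be able to answer.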