March 21, 2005 (Computerworld) --
The interconnectedness of our increasingly electronic economy poses business and security risks that together mandate new consciousness for responsible computing, asserts the Cutter Consortium Business Technology Council.
The group suggests companies consider the following actions as part of a responsible computing strategy:
1. Establish strong identity management for access to the network. The best identity management includes three things: 1) something you know (passwords), 2) something you have (smart cards), and 3) something you are (biometrics). At a minimum, you should require at least two of these things.
2. Password management and administration must be strictly controlled. Outsource this to a foreign country or an outside entity at your peril.
3. Manage security patching aggressively. Strive for a process that allows all desktops to be patched in two days or less.
4. Divide your network into subnets with firewalls in between. Carefully control traffic through the firewalls.
5. Don't rely on firewalls as the primary protection. They are necessary but insufficient as a means of protecting your company.
6. Manage all outbound traffic as aggressively as you manage all inbound traffic.
7. Conduct regular network vulnerability assessments with appropriate security companies.
8. Eliminate modems.
9. Secure all wireless networks.
10. Deploy intrusion-protection devices and methods.
11. Deploy thin-client devices wherever possible; they aren't vulnerable to infections.
12. Carefully manage all interfaces between your company and others. Protect yourself and your partners. Every contract should specify mutual security practices. Allow no connections to companies with sloppy security practices.
13. Inspect the software development practices of software vendors to determine their methods to control the insertion of back doors in their products. Require the disclosure of all known back doors.
14. Develop a comprehensive, responsible computing policy and communicate this policy to every employee. Develop methods to enforce the policy.
15. Regularly review security scenarios and establish an emergency response plan.
This article was originally published by Cutter Consortium, www.cutter.com. Copyright 2005 Cutter Consortium. All rights reserved. Reproduced with permission.
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
See your link here
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
After weathering layoffs or pay cuts, your IT staffers may need some help getting motivated. Try these strategies for employee renewal.
No Windows geek or PC support pro should be without these must-have utilities -- and they're all free.
Get the latest news, features, opinions and more on key technology issues.
Get the latest news, reviews and more about Microsoft's newest desktop operating system.
General Mills, Genentech, San Diego Gas & Electric, University of Pennsylvania and Monsanto top the list.
Computerworld
