15 Tips for Responsible Computing
Computerworld -
The interconnectedness of our increasingly electronic economy poses business and security risks that together mandate new consciousness for responsible computing, asserts the Cutter Consortium Business Technology Council.
The group suggests companies consider the following actions as part of a responsible computing strategy:
1. Establish strong identity management for access to the network. The best identity management includes three things: 1) something you know (passwords), 2) something you have (smart cards), and 3) something you are (biometrics). At a minimum, you should require at least two of these things.
2. Password management and administration must be strictly controlled. Outsource this to a foreign country or an outside entity at your peril.
3. Manage security patching aggressively. Strive for a process that allows all desktops to be patched in two days or less.
4. Divide your network into subnets with firewalls in between. Carefully control traffic through the firewalls.
5. Don't rely on firewalls as the primary protection. They are necessary but insufficient as a means of protecting your company.
6. Manage all outbound traffic as aggressively as you manage all inbound traffic.
7. Conduct regular network vulnerability assessments with appropriate security companies.
8. Eliminate modems.
9. Secure all wireless networks.
10. Deploy intrusion-protection devices and methods.
11. Deploy thin-client devices wherever possible; they aren't vulnerable to infections.
12. Carefully manage all interfaces between your company and others. Protect yourself and your partners. Every contract should specify mutual security practices. Allow no connections to companies with sloppy security practices.
13. Inspect the software development practices of software vendors to determine their methods to control the insertion of back doors in their products. Require the disclosure of all known back doors.
14. Develop a comprehensive, responsible computing policy and communicate this policy to every employee. Develop methods to enforce the policy.
15. Regularly review security scenarios and establish an emergency response plan.
This article was originally published by Cutter Consortium, www.cutter.com. Copyright 2005 Cutter Consortium. All rights reserved. Reproduced with permission.
- Proactive Security
- Security on the Offensive
- Baked-In Security
- Intrusion-Prevention Systems: Erecting barriers
- Supersmart Security
- Secure the People
- Security Quiz
- Security Data Points
- Making Security Everyone's Business
- 15 Tips for Responsible Computing
- How to Plan for a Possible Network Attack
- Book Excerpt: Exploiting Software
- Q&A: Quality Software Means More Secure Software
- No Agreement on Oath Authentication
- Freebie Security Scanners
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
