System & Network Management
This practice is built from few smaller practices, which are all very important. Those are: Access Control, Software Integrity, Secure Asset Configuration and Backups. We are going to cover them only generally here. Establish a range of security controls to protect assets residing on systems and networks. Consider use of access controls at your network, and use of data encryption technologies (VPN too) as required. Use removable storage media for critical data so that it can be physically secured. Do regular checks and verify the integrity of installed software. Do regular checks for viruses, worms, Trojans and other malicious software or unauthorized software. Also, regularly compare all file and directory cryptographic checksums with a securely stored, maintained, and trusted baseline.
Provide procedures and mechanisms to ensure the secure configuration of all deployed assets throughout their life cycle of installation, operation, maintenance, and retirement. This means you should apply patches to correct security and functionality problems, and establish standard, minimal essential configuration for each type of computer and service. Keep your network topology up to date, and provide some levels of logging. Before you apply your patches, consider the security implications for every change to systems and networks. Perform vulnerability assessments on a periodic basis, and address vulnerabilities when they are identified. Mandate a regular schedule of backups for both software and data, which means you have to validate software and data before and after backup, and make sure you have the ability to restore from backups.
Authentication & Authorization
Protect critical assets when providing network access to users working remotely and to third parties such as contractors and service providers. You should use network-, system-, file-, and application-level access controls and restrict access to authorized times and tasks, as required. Also, consider using data encryption and virtual private network technologies, if it is required.
Monitor & Audit
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.