MANAGING THE DIGITAL ENTERPRISE
MICHAEL RAPPA

11. SECURITY

Hungry minds:

Managing for Enterprise Security, Richard A. Caralli, et al.
Defending Against an Internet-based Attack on the Physical World, Simon Byers, et al.
The Spread of the Sapphire/Slammer Worm, David Moore, et al.
Twenty Most Critical Internet Security Vulnerabilities, SANS Institute
Computer System Intrusion Detection, Anita K. Jones and Robert S. Sielken
Why Cryptography Is Harder Than It Looks, Bruce Schneier
How to Evaluate Security, Bruce Schneier
Handbook for Computer Security Incident Response, Moira West-Brown, et al.


Places to visit:

CAIDA

CERIAS

CERT

SANS Institute

US-CERT

Security and Encryption
Everyone has a stake in the security of transactions on the web. Customers must have confidence in the transmission of sensitive financial and personal information to web merchants. Businesses must be certain in the knowledge that payment information collected over web storefronts is indeed valid. Furthermore, merchants must undertake additional precautions to ensure that databases with confidential information from their customers are not compromised by hackers or malicious employees.

"We are all security consumers." (Bruce Schneier)

The challenge of operating a secure web site is very real. The number of companies that have been attacked by hackers has grown dramatically in the past few years. The losses from security breaches, in terms of the time and effort expended and lost productivity, are mounting. CERT, which monitors reports of computer network security breaches from around the world, has registered a steep rise in the number of reported incidents in the past few years.

BEST PRACTICES FOR ENTERPRISE NETWORK SECURITY MANAGEMENT
(A.C.T.I.O.N.S)

Authentication

Implement processes and procedures to authenticate, or verify, the users of the network. This may include techniques such as PKI using smart cards, secure tokens, biometrics, or a combination of efforts.

Configuration management

Plan enterprise architecture and deployment with security in mind. Manage configurations to know exactly what hardware, operating systems and software are in use, including specific versions and patches applied; create robust access and software change controls, segregate responsibilities; implement best practices; and, do not use default security settings.

Training

Train all employees on the need for IT security and ensure that security is factored into developing business operations. Foster an enterprise culture of safety and security.

Incident response

Develop an enterprise capability for responding to incidents, mitigating damage, recovering systems, investigating and capturing forensic evidence, and working with law enforcement.

Organization network

Organize enterprise security management, IT management, and risk management functions to promote efficient exchange of information and leverage corporate knowledge.

Network management

Create a regular process to assess, remediate, and monitor the vulnerabilities of the network; consider developing automated processes for vulnerability reporting, patching, and detecting insider threats. Internal and external IT security audits can also supplement these efforts.

Smart procurement

Ensure that security is embedded in the business operations and the systems that support them. Embedding security is easier than “bolting it on” after the fact.

Source: President's Critical Infrastructure Protection Board, National Strategy to Secure Cyberspace

Things to read:

Learning Objectives
06-01-2009: Insider Threat Research, CERT
10-31-2005: Security Guidelines 2.0, TRUSTe
03-28-2008: Governing for Enterprise Security, CERT
08-02-2004: The Challenges of Security Management, Richard A. Caralli and William R. Wilson
07-09-2003: Secrets to the best passwords, Peter H. Gregory
01-17-2002: Cybersecurity Today and Tomorrow, National Research Council
02-00-1998: Security of the Internet, Thomas Longstaff, et al.


Case study:

Counterpane

© 2010 Michael Rappa

Institute for Advanced Analytics