A Five-Step Plan to Help You Stay Ahead of Computer Security Attacks, Risks, and Threats, Part Five
Step No. 5: Learning From Your Company Security Experience
The follow-up to a security incident typically involves a round of vulnerability assessment. Security groups check to make sure that the remediation efforts truly eradicated the problem and patched the afflicted systems. Different types of attacks call for different recovery procedures. An unauthorized access incident could involve the attacker gaining root access to a system. If that's the case, the recommended course of action is to change all of the passwords on the system, according to the National Institute of Standards and Technology's Computer Security Incident Handling Guide. But organizations don't always follow all the steps toward comprehensively recovering and securing a system. Changing all users' passwords in a big organization is a tedious, time-consuming, and very intensive manual process. An intruder who gains root access may have obtained administrator-level access to the system.
Security teams usually conduct a post-incident scan with vulnerability assessment tools to ensure that necessary actions, such as applying required patches, have been taken. But security managers say they are continuously scanning anyway to uncover vulnerabilities or violations of security policy.
Vulnerability scans are used to scan desktops, servers, and networking gear for compliance with corporations' security policies. The resulting information is then used to improve security measures. Some corporations check for gaps in several key areas, including system security configuration settings, security patches, antivirus status, personal firewall status, and industry-known vulnerabilities. Others have customized their security measures to help assess compliance with their acceptable-use policy. The result is an executive-level snapshot in time of whether end users are following policy. They may also bring in an outside analyst every few years to perform a vulnerability assessment.
The University of Georgia runs vulnerability scans and has vulnerability management applications installed on sensitive and critical servers. The vulnerability management applications check configurations or settings on servers and generate a report card, which covers areas such as operating system level and patches, open vulnerable ports, and user accounts.
Some corporations do vulnerability assessment and scans on a regular basis. Scans at UPS are performed by a managed security services provider and may be scheduled on an on-demand basis as a follow-up to an event.
A vulnerability assessment is largely a technical exercise. Enterprises also convene post-incident meetings with representatives from different areas of an organization, which focus on process as much as technology.
One security group holds an "aftermath party" with the university's security advisory council, including the chief information officer and representatives from the legal, public affairs and HR departments, among others. The meeting dissects the security team's response to the incident, assessing the effectiveness of processes and procedures. The follow-up meeting also serves as a springboard to spread the word about a given incident, with an eye toward avoiding it in the future. Security experts point to education as the most important safeguard against future incidents. Some companies ensure their employees undergo security awareness training when they first join the company and annually thereafter. Managers are held accountable for making sure all who report to them have gone through the training.
Sometimes security training crops up in other guises. Sometimes security messaging and data protection messaging are integrated into all leadership training, and sometimes a company may schedule a security awareness week each year. Training aims to prevent incidents, but an educated user can also contribute to early detection. Because they'll know what not to do and when to call if they see something out of the ordinary, many serious incidents are prevented. Education initiatives must be flexible, enabling security groups to take lessons learned from security incidents and fold them back into the training regimen. They also must study changes in attack types and methods and update the curriculum.
Some banks conduct quarterly threat assessments to close existing vulnerabilities and anticipate new exploits. They may review their security posture annually with a third party. Their new understanding of the threat environment is incorporated into training programs for technical people and awareness programs for the rest.
Keeping information-technology departments up to speed on security is another dimension of the security group's education initiative. Application developers, for example, need to incorporate the organization's latest security principles as they generate code.
Ongoing training efforts help keep security on the front burner, say security executives, who warn that the absence of major incidents tends to lead to complacency. Companies that are not successfully attacked get lax and you have to reinvigorate them. Understanding the hazards and risks and threats of doing business in a networked environment will help employees and companies become much more secure.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don't occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lock down your system from all their attacks, risks, and threats.
Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!
© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator
Source: Free Articles from ArticlesFactory.com
Etienne A. Gibbs, Independent Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and pc-disabling issues. For more information, visit www.SayNotoHackersandSpyware.com/.