February 20, 2013
Securing Information in Business
In order to protect organizations from data theft, the following steps should be followed to secure company networks and information:
Discover & Assess Risk –Network and agent-based scanning, plus assessment, provide the depth and breadth of info needed to make the right decisions.
Establish & Enforce Policy –Whitelisting capabilities ensure that only those authorized applications can execute and only those authorized removable devices can be accessed on specific endpoints by specific users. Having the ability to set policies that enable flexibility is key – some policies are only appropriate for some users or departments and not others.
Fix Open Vulnerabilities –These vulnerabilities are in operating systems, applications, web browsers, and virtualized platforms. If you can stay on top of the vulnerabilities that are critical to your organization then you can mitigate a lot of the risk of outside attackers targeting insiders.
Control and Monitor Devices –While many of these devices provide benefits that enable a more productive workforce, they also must be managed because of the storage capacity and ease of which data can be moved on and off. Also these devices can introduce malicious code onto your network quite easily. It is imperative to employ systems and practices that enforce what devices are authorized or not, by what users and on what machines. Also necessary is the ability to track what information is being moved on or off these devices.
Audit – Having visibility into what your users are doing, what data is being moved and what applications and vulnerabilities are in your environment is very important. High level and low level auditing capabilities provide necessary levels of insight into the effectiveness of your policies and enforcement capabilities.
The technology involved in information security changes and improves as...