10 Keys To Effective Network Security
[ WHITE PAPER ]
Author: Razorpoint Security Team
Version: 1.3
Date of current version: 2006-10/05
Date of original version: 2001-04/04
Copyright © 2001-2006 Razorpoint Security Technologies, Inc.
All Rights Reserved.
The following 10 keys outline a foundation for building an effective security policy for your network operating environment.
They explain the realities of network security and how to apply corporate resources toward the ongoing effort of securing
a network environment.
KEY 1: Executive level needs to be responsible (Establish accountability).
Think of network security in terms of system survival and business continuity. As such, accountability should be shouldered
at senior levels much like a company’s financial position falls upon a CFO or CEO. Effective security policies should be
implemented and maintained by a skilled and experienced technology staff directed by a senior company officer or
director (CTO, Director of Technology, etc.). Technology departments should be empowered with the resources (skilled
staff, budget, hardware, software, etc.) and autonomy to react effectively on an ongoing basis. The senior company
director must ensure the availability of these resources, while the entire senior management maintains accountability.
KEY 2: Educate staff and promote awareness.
People are almost always the weakest link in any organization’s security chain. For this reason, proper education in, and
awareness of, network security and security policies must extend not only to technology staff, but to all employees.
While more detailed technology expertise should be mandatory within technology departments, awareness and training
must be provided to all company employees. Company employment documents should include a detailed explanation of
the company’s policy on technology usage including, but not limited to, computers (laptops, desktops, servers), network
access, Internet access, email, the worldwide web, and remote access to company resources.
KEY 3: A process, not a product (Security is ongoing, never ending).
There is no single answer. As part of employee security awareness, the fact that security is never realized by a single
product or technique should be stressed. The myth of “You just install this one shrink-wrapped package and you’re
done” is a dangerous pitfall many firms fall into. The overall security posture of a company needs to be part of the
business decision-making process. Security is a process, not a product.
KEY 4: Exhibit cautious, but prudent, spending (Don’t “just throw money at it”).
Security is not just “having a firewall.” Many of the “all-things-to-all-people” products are not sufficient. These general
tools (firewalls, VPNs, packet filters, etc.) can still leave company-specific systems vulnerable. A solution of this nature
can end up costing an overwhelming amount due to an unforeseen security compromise. Purchasing and properly
deploying tools such as firewalls, intrusion detection systems, VPNs, etc. as part of an overall security policy is an
excellent way to promote a secure operating environment. Regular maintenance of these security tools should be a
mandatory exercise in enforcing a company’s security policy.
KEY 5: Regular assessment of the “threatscape” – Be proactive.
Hire a security firm to regularly audit the security of your network infrastructure. This is similar to an outside accounting
firm auditing a company’s financial records. As a proactive security measure, a qualified third party should be retained to
regularly audit the state of a company’s security. Security firms test, externally as well as internally, the true strength of
an infrastructure’s security. An audit of this type provides a “hacker’s eye view” of a network operating environment.
October 5, 2006 10 Keys To Effective Network Security [v1.3] Page 1 of 3
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
KEY 6: Deploy and maintain a balanced, flexible security policy.
An effective security policy should also include physical security, disaster recovery and user training. A “one size fits
all” approach should be avoided. Design a security policy, or “process,” that is geared toward your current technology
infrastructure as well as future iterations. It should evolve as your organization evolves. A balanced and flexible
security policy should encompass firewalls, VPNs, good password usage, remote access procedures, security of physical
resources (file cabinets, computer rooms, network access points, confidential documents, etc.), disaster recovery
scenarios and provide for the ongoing effort of keeping all company employees aware of changes as they occur.
KEY 7: Incorporate security early.
It is always more efficient and effective to design security into an infrastructure from the beginning. Imagine realizing,
only after finishing a bank, that you needed a vault, alarms and security glass. Because of the lack of security consciousness at
the outset, everything must now be redone. Similarly, security must be a primary focus when designing and maintaining
a technology infrastructure. While security components can certainly be added afterward, incorporating security early
yields better results. When necessary, hire an outside firm to perform a security design review of existing or upcoming
technology rollouts. If nothing else, this “extra set of eyes” can provide another perspective on your needs, your
technology and your security choices. Be sure to choose a firm with a proven track record performing security audits
and services.
KEY 8: Outsource security maintenance as necessary.
In some circumstances, it makes business sense for firms to outsource their security needs. Understaffed or undertrained
technology departments may not be equipped to adequately maintain effective network security. In these cases,
outsourcing can be an answer. Some or all of a company’s network security can be given to a security firm whose sole
responsibility is securing your environment. Firewalls, VPNs, remote access, and other security-related necessities can
be facilitated by an outside firm. This can also help a company to more slowly, and effectively, grow their own in-house
staff. With security maintained by an outside firm, CTOs and CIOs can take more time staffing in-house teams with the
appropriate, qualified personnel.
KEY 9: Staff your technology team correctly.
Be sure your technology staff is well-rounded in terms of technology expertise (network infrastructure design and
management, security implementation, multiple operating system experience, etc.) and is trained in all necessary areas
of your company’s technology. In addition to necessary certifications (CISSP, Check Point CCSA & CCSE, Cisco CCNA,
etc.) security technology professionals must be able to demonstrate previous experience with relevant technology and
provide references that can support previous career successes.
KEY 10: Maintain vigilance.
No one ever asks “When can we stop doing sales or marketing?” It is the same with security; it is never ending. Y2K was
perceived as a business issue; security is even more so. It needs to be fully understood at the most senior levels why
security is as large a business concern as sales or marketing. A security breach of financial records, confidential company
data, client information or other sensitive material could be disastrous. Security compromises can destroy relationships
with customers and investors. Financial liability, lost revenue, damage to a company’s brand and reputation could prove
irreparable. Security concerns should extend well beyond “stopping a virus” or “installing a firewall”; security should be viewed
as a business continuity issue and, as such, funded, staffed and maintained accordingly.
About Razorpoint Security.
Razorpoint Security Technologies, Inc. specializes in researching and analyzing security vulnerabilities and
conducting comprehensive security assessments. These assessments provide business leaders and corporate
clients the necessary security services and solutions that help keep corporate networks secure. Razorpoint Security
has exceptional expertise in network security, attack/penetration testing and identifying security vulnerabilities
especially as they relate to Internet solutions and web applications. Razorpoint offers all sectors of business the
services necessary to maintain a firm grasp on the evolving state of network security.
For more information, Razorpoint Security Technologies, Inc. can be reached at their headquarters at Madison
Avenue and 32nd Street in New York City.
Razorpoint Security Technologies, Inc.
31 East 32nd Street
Sixth Floor
New York City, NY 10016-5509
t: 212.744.6900
f: 212.744.6344
e: security@razorpointsecurity.com
w: www.razorpointsecurity.com
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

10 KEYS TO EFFECTIVE NETWORK SECURITY

  • 1. 10 Keys To Effective Network Security [ WHITE PAPER ]

Author: Razorpoint Security Team
Version: 1.3
Date of current version: 2006-10/05
Date of original version: 2001-04/04
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.

  • 2. 10 Keys To Effective Network Security

The following 10 keys outline a foundation in building an effective security policy for your network operating environment. They explain the realities of network security and how to apply corporate resources toward the ongoing effort of securing a network environment.

KEY 1: Executive level needs to be responsible (Establish accountability).
Think of network security in terms of system survival and business continuity. As such, accountability should be shouldered at senior levels much like a company’s financial position falls upon a CFO or CEO. Effective security policies should be implemented and maintained by a skilled and experienced technology staff directed by a senior company officer or director (CTO, Director of Technology, etc.). Technology departments should be empowered with the resources (skilled staff, budget, hardware, software, etc.) and autonomy to react effectively on an ongoing basis. The senior company director must ensure the availability of these resources, while the entire senior management maintains accountability.

KEY 2: Educate staff and promote awareness.
People are almost always the weakest link in any organization’s security chain. It is for this reason that network security and security policies must be understood, through proper education and awareness, not only by technology staff but by all employees. While more detailed technology expertise should be mandatory within technology departments, awareness and training must be provided to all company employees. Company employment documents should include a detailed explanation of the company’s policy on technology usage including, but not limited to, computers (laptops, desktops, servers), network access, Internet access, email, the worldwide web, and remote access to company resources.

KEY 3: A process, not a product (Security is ongoing, never ending).
There is no single answer. As part of employee security awareness, the fact that security is never realized by a single product or technique should be stressed. The myth of “You just install this one shrink-wrapped package and you’re done” is a dangerous pitfall many firms fall into. The overall security posture of a company needs to be part of the business decision-making process. Security is a process, not a product.

KEY 4: Exhibit cautious, but prudent, spending (Don’t “just throw money at it”).
Security is not just “having a firewall.” Many of the “all-things-to-all-people” products are not sufficient. These general tools (firewalls, VPNs, packet filters, etc.) can still leave company-specific systems vulnerable. A solution of this nature can end up costing an overwhelming amount due to an unforeseen security compromise. Purchasing and properly deploying tools such as firewalls, intrusion detection systems, VPNs, etc. as part of an overall security policy is an excellent way to promote a secure operating environment. Regular maintenance of these security tools should be a mandatory exercise in enforcing a company’s security policy.

KEY 5: Regular assessment of the “threatscape” – Be proactive.
Hire a security firm to regularly audit the security of your network infrastructure. This is similar to an outside accounting firm auditing a company’s financial records. As a proactive security measure, a qualified third party should be retained to regularly audit the state of a company’s security. Security firms test, externally as well as internally, the true strength of an infrastructure’s security. An audit of this type provides a “hacker’s eye view” of a network operating environment.

October 5, 2006 | 10 Keys To Effective Network Security [v1.3] | Page 1 of 3 | 31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com | Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.

  • 3. KEY 6: Deploy and maintain a balanced, flexible security policy.
An effective security policy should also include physical security, disaster recovery and user training. A “one size fits all” approach should be avoided. Design a security policy, or “process,” that is geared toward your current technology infrastructure as well as future iterations. It should evolve as your organization evolves. A balanced and flexible security policy should encompass firewalls, VPNs, good password usage, remote access procedures, security of physical resources (file cabinets, computer rooms, network access points, confidential documents, etc.) and disaster recovery scenarios, and should provide for the ongoing effort of keeping all company employees aware of changes as they occur.

KEY 7: Incorporate security early.
It is always more efficient and effective to design security into an infrastructure from the beginning. Imagine realizing, only after finishing a bank, that you needed a vault, alarms and security glass. Because of the lack of security consciousness at the outset, everything must now be redone. Similarly, security must be a primary focus when designing and maintaining a technology infrastructure. While security components can certainly be added afterward, incorporating security early yields better results. When necessary, hire an outside firm to perform a security design review of existing or upcoming technology rollouts. If nothing else, this “extra set of eyes” can provide another perspective on your needs, your technology and your security choices. Be sure to choose a firm with a proven track record performing security audits and services.

KEY 8: Outsource security maintenance as necessary.
In some circumstances, it makes business sense for firms to outsource their security needs. Understaffed or undertrained technology departments may not be equipped to adequately maintain effective network security. In these cases outsourcing can be an answer. Some or all of a company’s network security can be given to a security firm whose sole responsibility is securing your environment. Firewalls, VPNs, remote access, and other security-related necessities can be facilitated by an outside firm. This can also help a company grow its own in-house staff more slowly and effectively. With security maintained by an outside firm, CTOs and CIOs can take more time staffing in-house teams with the appropriate, qualified personnel.

KEY 9: Staff your technology team correctly.
Be sure your technology staff is well-rounded in terms of technology expertise (network infrastructure design and management, security implementation, multiple operating system experience, etc.) and is trained in all necessary areas of your company’s technology. In addition to holding necessary certifications (CISSP, Check Point CCSA & CCSE, Cisco CCNA, etc.), security technology professionals must be able to demonstrate previous experience with relevant technology and provide references that can support previous career successes.

KEY 10: Maintain vigilance.
No one ever asks “When can we stop doing sales or marketing?” It is the same with security; it is never ending. Y2K was perceived as a business issue; security is even more so. It needs to be fully understood at the most senior levels why security is as large a business concern as sales or marketing. A security breach of financial records, confidential company data, client information or other sensitive material could be disastrous. Security compromises can destroy relationships with customers and investors. Financial liability, lost revenue, and damage to a company’s brand and reputation could prove irreparable. Security concerns should extend well beyond “stopping a virus” or “installing a firewall.” Security should be viewed as a business continuity issue and, as such, funded, staffed and maintained accordingly.

  • 4. About Razorpoint Security.
Razorpoint Security Technologies, Inc. specializes in researching and analyzing security vulnerabilities and conducting comprehensive security assessments. These assessments provide business leaders and corporate clients the necessary security services and solutions that help keep corporate networks secure. Razorpoint Security has exceptional expertise in network security, attack/penetration testing and identifying security vulnerabilities especially as they relate to Internet solutions and web applications. Razorpoint offers all sectors of business the services necessary to maintain a firm grasp on the evolving state of network security.

For more information, Razorpoint Security Technologies, Inc. can be reached at their headquarters at Madison Avenue and 32nd Street in New York City.

Razorpoint Security Technologies, Inc.
31 East 32nd Street
Sixth Floor
New York City, NY 10016-5509
t: 212.744.6900
f: 212.744.6344
e: security@razorpointsecurity.com
w: www.razorpointsecurity.com