Assess Your Security Infrastructure to Avoid Hacks
A review of your overall security infrastructure can add oomph to your systems and keep those persistent hackers at bay. Here are some tips to start this assessment and be on your way to comfort and security:
Look at how your network and overall campus are designed. Consider organizational issues, such as whether policies are in place, maintained, or even taken seriously. Physical issues count as well. Has management bought in to information security and compliance, or does it simply shrug them off as an unnecessary expense or barrier to conducting business?
Map your network by using the information you gather from the ethical hacking tests. Updating existing documentation is a major necessity. Draw your network diagram — network design and overall security issues are a lot easier to assess when you work with them visually. Although you can use a drawing program, like Visio or Cheops-ng, to create network diagrams, such a tool isn’t necessary — you can sketch your map anywhere!
Be sure to update your diagrams when your network changes.
Think about your approach to correcting vulnerabilities and increasing your organization’s overall security. Are you focusing all your efforts on the perimeter? Think about how most banks are protected. Security cameras focus on the cash registers, teller computers, and so on, not just on the parking lot. Look at security from a defense-in-depth perspective. Make sure that several layers of security are in place in case one measure fails.
Think about security policies and procedures at an organizational level. Document what security policies and procedures are in place and whether they’re effective. Look at the overall security culture within your organization and see what it looks like from an outsider’s perspective. What would customers or business partners think about how your organization treats their sensitive information?
Looking at your security from a high-level and nontechnical perspective gives you a new outlook on security holes. It takes some time and effort at first, but after you establish a baseline of security, it’s much easier to manage new threats and vulnerabilities.