Tuesday, November 30, 2010

Some Basics on Data Protection

Verizon recently released a report in which it concluded that data security has not improved since it began its current series of surveys in 2008. It's a short time, but nevertheless, one would hope that there would have been some improvement, especially in view of the widely reported data breaches that have occurred during that period.

Even more surprising is the series of recommendations they put forward. These are recommendations that IT Auditors and security experts have been making for many years. A panel from Computerworld put together four basic points:

1. Don't just log, monitor - Logging by itself accomplishes nothing; the results need to be monitored.
2. Tweak your network configuration - Constant addition of new applications and upgrades can change the system by adding in unexpected defaults. These need to be reviewed and perhaps changed.
3. Educate your users - User understanding of the system and its security routines is critical, as is the development of a strong security culture.
4. Document and monitor access privileges - So fundamental. Security management needs a record of which users have access to sensitive data or functionality, and those users need to be monitored. The current WikiLeaks case, where a soldier in a remote base downloaded confidential documents to CDs, is a case in point.

The Verizon report said that 64% of the data breaches could have been prevented with the use of these simple procedures. When will we ever learn? Click this link for a report on these four security measures.
