First Things First

by Dr. Greg Miles - 01/15/00

I was just looking through my new copy of the January 2000 InfoSecurity Magazine. The Test Center section has 25 or so products that dovarious things for secuity. I got to thinking again, "How the heck does anyone determine what product to use". " Is there an end all singleproduct that I need to protect my network.?" Sorry, no such luck. But there are some steps and practices that will help you to secure yoursystems no matter what. (of course there is no such thing as perfect security, but give yourself a fighting chance).

Steven Covey says "First Things First"

First off, determine how important your data is to you. If the data is stolen, destroyed or compromised, what is the impact on your business.

Second, know your network. Where does the Internet come in, how many users are we dealing with, what is the networks technology. Alsoimportant is how many servers and workstations.

Third, What are the network policies, (password strengths, authentication, remote access etc) Get help on this one if your not experienced.

The first three steps are low cost, low impact analysis of you situation. Don't blow off this step, because otherwise you are throwing moneyaway toward technology that may not help you. Off course you can hire or contract this expertise if you do not have it in house.

After you know your situation, then you start to look at solutions.

Technology: Intrusion Detection, Enterprise Security Management, Encryption, Auditing, Digital Signatures, One-time passwords, remoteaccess, dialback)

Administrative: implement and enforced policies (many policies can be implemented via technology).

Of course, step one will determine how much you invest in securing your system.

There are offerings from some companies like ISS and AXENT that provide a Suite of security tools that you can customize your needs and ingeneral the products interact with their own kind. But even these suites do not provide all the capabilities and they may not be a perfectsolution for your situation.

If your business depends on technology to prosper, then it is essential you invest in a certain level of security so your customers have theassurance that the products you are providing are not compromised.

Dr. Gregory S. Miles, Ph.D. is an Information Assurance Program Manager with AverStar, Inc (http://www.averstar.com).