If you’re concerned that your network might not be as secure as it should be, Paul Rubens at EnterpriseNetworkingPlanet.com offers tips on protecting your small business network.
If protecting your organization from cyberattack is your responsibility, you probably have heard of the 20 baseline security controls that the Consensus Audit Guidelines (CAG) project defines and recommends.
Speaking at the Gartner Information Security Summit 2009 in London, SANS instructor Stephen Armstrong outlined 15 “quick wins” based on these controls: simple steps you can take to make an immediate difference to your security.
Here are the 20 controls, and Armstrong’s quick wins and other advice:
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
Quick win: Deploy an automated asset inventory tool that both scans designated IP address ranges and analyzes traffic to identify devices and software. You can’t secure your network unless you know exactly what hardware and software is running on your network.
3. Secure Configurations For Hardware and Software on Laptops, Workstations and Servers
Quick win: Remove games, hyperterminals and “crapware” that comes bundled with many end user machines, and unnecessary software on servers. If you need six applications on a machine, then there should be six, not twenty. Ideally, deploy standardized images, and document whenever a non-standardized image is used for any reason.
| Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today! |
