How to Set Effective Security Policies at Your Organization. David Strom VAR Business Technology Editor June 20, 2002. My background. Author of “Home Networking Survival Guide” book from Osborne/McGraw Hill Founding Editor-in-Chief, Network Computing
VAR Business Technology Editor
June 20, 2002
Problems with existing network and applications infrastructure
Issues with products and protocols
Ways around the various tools that you are trying to use to lock things down
Do you have a chief security officer?
Does s/he have any real authority?
Does s/he have control over corporate directories, network infrastructure decisions, and internal applications development?
Network admins who have rights to everything
Applications that have access to other applications
Users who temporarily gain access outside of their normal departments
VPN policies and choices
Email policies and issues
Firewalls don’t protect you all the time
… Yet all cable modems come with Ethernet!
How accurate is your employee directory?
Do outsiders have access to your email system? And for how long?
Do terminated employees have access still?
How often do employees copy all by mistake?
Use Notes or Groupwise
Don’t run Outlook, Outlook Express
Use PGP or SMIME products