Virus attacks are increasing in prevalence. Data/Identity theft is rampant. Computer crimes are becoming the preferred vehicle for white-collar criminals.
But no worries… you sleep well at night because you’ve got antivirus software on all your workplace computers. You’ve installed firewall blockades at each point of network entry. You’ve even implemented policies requiring all of your employees to log off their workstations if they step away from their desks.
According to John Johnson, Security Focus contributor, you are sleeping on a bed of nails. In his article “Fortifying My Doghouse While Thieves Steal My Computer,” he introduces several pivotal points of systems security analysis that imply such a good night’s rest might not be granted… yet.
Systems Security Analysis
Step One:
Identify assets and the impact of their loss. If a computer is stolen, are you just losing the $500 it will cost to replace it, or are you losing more than that? Is there customer information stored therein? Is it private information that could be used in identity theft? Are you looking at multiple lawsuits for losing such information? The point of this step is to get a good grasp on the true value of each asset. Go ahead and actually list out your assets and categorize them (as suggested by Johnson in his article) as either data, hardware, software, facilities, documentation, personnel or operations.
Step Two:
Develop security processes. Vital to this step is to engrave in your mind the following idea… “Security is a process, not a goal or the blame for not implementing enough protection.” One of the biggest mistakes you can make is to assume your job is done once a certain level of security is met. Rest assured, hackers and thieves do not give up once one theft attempt fails. Your process should be iterative. Run through the following procedure once and then again and again and again… you’ve got the idea.
Your procedure should include: risk identification, determining countermeasures, and tying up one loose security thread at a time. Iterate. These procedural inclusions are only a summary of what you will find in Johnson’s article. I suggest you look through it HERE for more information.
How do you plan to implement this?
If you’ve found this article helpful and it has motivated you to increase your security measures, please let me know. Please leave any comments below that you feel will benefit this topic or other readers’ situations. Thanks!
