Best Practices For Securing Enterprise Networks
by David M. Piscitello and Lisa Phifer
Posted 4/17/2003; Published 12/2002

 

Abstract:

 

Safeguarding networked assets is an operational and business necessity, but to do so, you must understand the threats, quantify the potential cost of being attacked and employ security best practices to manage business risk.

 

To defend the integrity of your company’s networked assets, we recommend following “best practices” and security measures as a foundation. The list below is our “Top 10” recommended security practices, although there certainly are other steps that can—and should—be taken.

 

  1. Physical security.

  2. Secure perimeters.

  3. Authentication.

  4. Content inspection.

  5. System and server integrity.

  6. Information integrity.

  7. Availability.

  8. Access Controls.

  9. Intrusion prevention, detection and rejection.

  10. Auditing and Logging.

 

The security industry too often relies on fear, uncertainty and doubt (FUD) to sell products and services. The goal of this article is to inform, educate and, in so doing, ratchet what sometimes seems to be a depressingly dismal security baseline a little tighter. The proposition we hope you can sell within your organization is simple: If lax security practices can cost your organization considerable economic pain and suffering, can stringent security practices, over time, save you money?

 

About the authors:

David M. Piscitello is president and Lisa Phifer is vice president of Core Competence, Inc., an internationally recognized consulting firm specializing in network security.

 

bullet

Access paper
bullet

Approx. 161 kB
bullet

For help with .pdf file downloads, please check out the help topic.

bullet

Return to Business Communications Review Gold Sponsor Archives
bullet

Return to Security menu

This article is reproduced by special arrangement with our partner, Business Communications Review.

 

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.