21.9.09

10 must-have steps for an effective SMB information security program

Excerpt from the article:
The National Institute of Standards and Technology (NIST), a nonregulatory federal agency in the U.S. Department of Commerce, is putting final touches on a guide designed to help small businesses and organizations implement the fundamentals of an effective information security program. The NIST standards should also prove useful for the remote offices of larger companies, where IT staffs are often small or nonexistent and it's important that employees bear more responsibility for information security.
Kissel's 10 "absolutely necessary" steps to an effective information security program (consult the pamphlet for how-to's):
- Protect information, systems and networks from damage by viruses, spyware and other malicious code.
- Provide security for your Internet connection.
- Install and activate software firewalls on all your business systems.
- Patch your operating systems and applications.
- Make backup copies of important business data/information.
- Control physical access to your computers and network components.
- Secure your wireless access point and networks.
- Train your employees in basic security principles.
- Require an individual user account for each employee on business computers and business applications.
- Limit employee access to data and information, and limit authority to install software.
And here are the 10 security trouble spots where computer users are strongly advised to use caution:
- Opening email attachments from unknown senders and responding to emails asking for sensitive information.
- Clicking on Web links in emails and instant messages.
- Clicking OK on pop-up windows and other hacker tricks.
- Doing online business and banking.
- Skipping criminal background checks on prospective employees.
- Web surfing.
- Downloading software.
- Not getting expert help when you need it. The Better Business Bureau, Chamber of Commerce, Small Business Development Centers can point you to service providers.
- Disposing of old computers and media.
- Protecting against social engineering.
 
AKA MONITOR - ISSN 1804-042X - list of monitored magazines:
ComputerWorld, CIO Business World, Security World, ITSystems,
Úspěch, PIXEL, ComputerDesign, itCAD, Jak na počítač, Počítač
pro každého, Extra PC, Nejlepší Rady PC, Connect!, Computer,
Mobility, BIZ, THINK! (IBM), Svět poznání, DIGIfoto, FOTOlife,
Účetnictví, SAT & DVB-T mag., Extra Hardware, www.akamonitor.cz/5xnej.htm