Security Best Practices

Compliance with regulatory acts and security standards has become a de facto standard for public companies, whether it be Sarbanes-Oxley (SOX), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), PCI/CISP (Payment Card Industry Security Standard/Cardholder Information Security Program), NISPOM Chapter 8, etc.

All of them have a technology portion which requires an organization to ensure the safety of its electronic data and electronic communications, and that there be a way to review activity within a corporation's network at some later date.

The regulatory acts are one reason why corporations must ensure that their IT infrastructure is secure, documented and auditable; however, information technology has become so central to the operations of a business that most corporations are losing patience when their investments in IT are unpredictable or have adverse results, such as information loss, security breaches or service outages.

Log files are a corporation's fingerprints: all servers, firewalls, routers and workstations spew out copious amounts of data about what has occurred on them. The ability to view this data from a single source is critical.

The ISO 17799 standard recommends security best practices, which are listed below; however, the ability to review, monitor and correlate information from all sources to verify their integrity is essential. Logs provide a roadmap to what has occurred on your network.

The twelve items include:

  1. Install and maintain a firewall to protect the data.
  2. Keep security patches up to date.
  3. Protect all stored data.
  4. Encrypt/protect data sent across public networks.
  5. Use and regularly update anti-virus software.
  6. Restrict access on a need-to-know basis.
  7. Assign unique IDs to each person with computer access.
  8. Do not use vendor-supplied defaults for passwords and security parameters.
  9. Track all access by date and unique ID.
  10. Regularly test security systems and processes.
  11. Implement and maintain an information security policy.
  12. Restrict physical access to data.
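The paragraphs above argue that logs from every device must be viewable from one place and correlated with each other, and items 7 through 9 of the list require that access be tied to a unique ID and tracked by date. The following script, an added example that is not part of the original page or of any product it describes, shows the minimum such a review needs: three differently formatted log sources (a syslog-style sshd line, a key=value firewall line and a CSV workstation logon record) are normalised into one timeline, grouped into a per-ID access trail, checked for activity under shared default accounts, and each server login is paired with the firewall decision that admitted the same source address. All log lines are constructed for the example, the syslog year and the list of generic account names are assumptions, and the formats are illustrative rather than any vendor's exact output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample lines (not real logs), deliberately in three formats:
# workstation logon record (CSV), firewall decision (key=value) and sshd (syslog).
SAMPLE_LOGS = [
    "2024-03-14 08:01:55,WS-JSMITH,4624,jsmith,10.0.5.20",
    "2024-03-14T08:02:09Z fw01 action=allow src=10.0.5.20 dst=10.0.1.10 dport=22",
    "Mar 14 08:02:11 srv01 sshd[4123]: Accepted password for jsmith from 10.0.5.20 port 52110 ssh2",
    "2024-03-14T08:15:40Z fw01 action=allow src=203.0.113.9 dst=10.0.1.10 dport=22",
    "Mar 14 08:15:43 srv01 sshd[4190]: Failed password for admin from 203.0.113.9 port 41002 ssh2",
]

SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year
GENERIC_ACCOUNTS = {"admin", "root", "administrator"}  # assumed shared/default IDs (items 7 and 8)


@dataclass
class Event:
    ts: datetime
    source: str          # host that emitted the line
    origin: str          # "sshd", "fw" or "win": which parser produced it
    kind: str            # "login_ok", "login_fail", "fw_allow", "fw_deny", "other"
    user: Optional[str]  # None where the source records no identity (firewall)
    src_ip: str


SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (?P<host>\S+) action=(?P<action>\w+) src=(?P<ip>[\d.]+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(?P<host>[^,]+),(?P<eid>\d+),(?P<user>[^,]+),(?P<ip>[\d.]+)$"
)


def parse_line(line: str) -> Optional[Event]:
    """Normalise one line from any of the three formats; None if it is unrecognised."""
    m = SSHD_RE.match(line)
    if m:
        stamp = f"{SYSLOG_YEAR} {m['mon']} {m['day'].strip()} {m['time']}"
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        kind = "login_ok" if m["result"] == "Accepted" else "login_fail"
        return Event(ts, m["host"], "sshd", kind, m["user"], m["ip"])
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return Event(ts, m["host"], "fw", f"fw_{m['action']}", None, m["ip"])
    m = WIN_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        kind = "login_ok" if m["eid"] == "4624" else "other"  # 4624 = successful logon
        return Event(ts, m["host"], "win", kind, m["user"], m["ip"])
    return None


def build_timeline(lines: List[str]) -> List[Event]:
    """The 'single source' view: every parsable line from every device, in time order."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return sorted(events, key=lambda e: e.ts)


def access_trail(events: List[Event]) -> dict:
    """Item 9: every access attempt grouped under the unique ID that made it."""
    trail = defaultdict(list)
    for e in events:
        if e.user is not None:
            trail[e.user].append((e.ts, e.source, e.kind))
    return dict(trail)


def generic_account_use(events: List[Event]) -> List[Event]:
    """Items 7 and 8: activity under a shared or default ID cannot be tied to one person."""
    return [e for e in events if e.user in GENERIC_ACCOUNTS]


def correlate_with_firewall(events: List[Event],
                            window: timedelta = timedelta(seconds=10)) -> List[Tuple[Event, Event]]:
    """Pair each sshd login attempt with the firewall 'allow' for the same source IP
    inside the window, so the server-side record and the perimeter record agree."""
    allows = [e for e in events if e.kind == "fw_allow"]
    pairs = []
    for login in events:
        if login.origin != "sshd":
            continue
        for fw in allows:
            if fw.src_ip == login.src_ip and abs(fw.ts - login.ts) <= window:
                pairs.append((login, fw))
                break
    return pairs


if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_LOGS)
    for e in timeline:
        print(e.ts, e.source, e.kind, e.user or "-", e.src_ip)
    print("trail:", access_trail(timeline))
    print("generic IDs:", [(e.ts, e.user, e.src_ip) for e in generic_account_use(timeline)])
    print("correlated:", [(l.user, f.source) for l, f in correlate_with_firewall(timeline)])
```

Running it prints the merged timeline, the per-ID trail (jsmith appears on both the workstation and the server), the one event under a generic ID, and two login/firewall pairs. The design point is the normalised `Event` record: once every source is reduced to the same fields, the checks the list asks for are a few lines each, and a new device format only needs one more parser.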
