Introduction to Information Security – Part 2

Info Sec cloud image - green_2

Implementing good security measures

The implementation of good safety measures in your company can ensure security, integrity and dispobilidade data. Security measures to protect the data of your company can be achieved by building a good security policy for the company among other things. A security policy is the foundation of security measures taken by the company. She is the first security measure to reduce the risk of unacceptable use of company information resources.

The security policy must accurately inform all employees about the general use of company resources, its acceptable use, prohibited activities and responsibilities of employees related to security.

It should also describe the acceptable use all company assets, including hardware, sotfware and internet. If an old security policy since then there rather than spend time creating a new policy, it is better to rebuild the old one. It must be updated periodically in accordance with the emergence of new threats. Some other security measures to be taken by the comapnhia to implement good security are:

  1. Change Passwords: Passwords for all servers that host important services should be changed frequently. For example, a server hosts important services user accounts, firewalls and routers. Frequent change in passwords ensures that an attacker can not gain access to the system easily.
  2. Review User Accounts and Access Lists: A regular assessment of user accounts and access lists allow you to keep your network updated with employees who access network resources. Often, employees who have already left the company still has access permissions to company resources. This can lead to security breach.
  3. Create a “No Wireless” policy: Wireless access devices are difficult to protect and monitor. Therefore, they must be disconnected from the network. Personal devices should not be allowed in a corporate network. If you need to have assets in a corporate network, you must create a policy to cover these devices, ie create a wireless network only for certain users.
  4. Implement an Intrusion Detection System: The intrusion detection system will detect and prevent all attacks directed to the system / network. We will see about it later.
  5. Creating a Response Plan Incident: The incident response plan should be created and the Research Center for Response and Treatment Incident Computers (CERT) must be included in it. This ensures that team members or security personnel know who to call first and investigate how an event in case of emergency or theft.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s