Intranet Blog :: Security

Intranet evolution, best practices, and case studies by Toby Ward.

This Month

Month Archive

July 2006
May 2006
April 2006
March 2006
February 2006

Year Archive

2008
2007
2006
2005

Main Page » Security

« March 30 | April 27 »

Monday, April 10

Top 10 security lapses

by Toby Ward on Mon 10 Apr 2006 05:30 PM PDT

Securing your intranet requires more than just technology. In fact, employees represent your highest risk and point of breach.

CMPnet.com’s David Joachim covers the top 10 worst security practices in Lethal lapses:

If you find a security hole, buy a product to fix it.
Ignore the human element.
"Full speed ahead and damn the torpedoes" is our motto.
To run a tight ship, take an authoritarian approach.
Make access privileges an all or nothing proposition.
Treat all data as equal.
Back up everything, every night.
Perform audits and penetration tests infrequently, and in-house.
Endpoints for everyone.
Make sure security is highly visible, even intrusive.

“Most of these observations are about process and behavior rather than technology,” writes Joachim “That's not to say technology isn't important. But security pros generally have a mastery of bits and bytes and how to protect them. What's often missing is a sense of the big picture and how each separate alteration to the network affects the whole.”