« The Russians Are Spamming | Main | New Exploit for Mac OS X »

Found the following list at TaoSecurity and found it insightful. The 5 most common security mistakes follow:

1. Failure to maintain a complete physical asset inventory.
2. Failure to maintain a complete logical connectivity and data flow diagram.
3. Failure to maintain a complete digital asset/intellectual property inventory.
4. Failure to maintain digital situational awareness.
5. Failure to prepare for incidents.

The first three concern knowing your environment. If you don’t know where you data is, how it is transported, and what data you are actually trying to protect, this makes it difficult to protect and just about impossible to recover if the system ever gets breached.

Once you know the ins and outs of your environment, the next step, which is harder and more open ended, is to try and understand who as trying to exploit your vulnerabilities and how.

Finally, once an incident occurs, a company should have clear policies, techniques, and trained personnel ready to respond and recover.

And as I recently read a report from Symantec that found that for-profit hacking is here to stay for the foreseeable future, a data breach is no longer a matter of if, but when.

Posted by pschooff in Better Protection • Hackers • Small Medium Enterprise |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1007