Tuesday, January 26, 2010

10 tips to protect the security of an organisation

Even in the best of economic times, computers need to be replaced on a regular cycle, and we need to decide how to dispose of them sensibly. In an economic crisis, when staff are laid off, software systems that are expensive to run have to be retired, and failed systems are consolidated rather than repaired, decisions about disposing of computer equipment must be made even more carefully. If we pay no attention to this, security could be threatened.

The following list covers 10 key decisions for the safe disposal of equipment.

1) When retiring equipment, make sure that all account information and access control tools have been cleared from it. You do not want former employees using their old workstation to connect to the company's network, and you do not want a remote network access account, left on a computer that no longer needs it, to become a tool for a network attacker. This is therefore the first thing you should do.

2) Do not assume that filling up your hard drive means the old data has been safely disposed of. If the drive contains confidential information, that information should be removed before the drive is disposed of. Even if you have not been told that the drive holds any confidential data, consider whether it should be examined to catch anything that was overlooked; and even if nothing is found, do not simply throw the drive in the trash: use a shred utility. For stored data, reformatting the drive or running a "clear" command alone is not enough; a shred-type utility helps you delete files more securely. Encrypting the data on the drive before the delete operation makes it harder to restore.

In the most extreme cases, the storage device may need to be physically destroyed to keep confidential data from leaking to whoever obtains the drive next, and this applies even when that person is inside the company. In that case you may not need to do it with your own hands. Experts can carry out this work for you, and when it comes to making the data on a hard disk drive unrecoverable they may do it better than you. If your requirements are so strict that you cannot trust an outside company that specializes in the secure destruction of storage devices, you should establish a dedicated in-house team with the same equipment and the same skills as the external contractors.

3) Establish a checklist for the whole disposal process, so that no step is forgotten along the way. This is especially important when a large number of computers have to be processed at once, for example when a whole department is closed, but it matters at other times too. Do not, however, rely solely on the checklist and give up thinking for yourself. Consider the entire process in detail and be clear about how to prevent any potential risk to the company's security. When you think of a security hazard that may arise, add it to the checklist and deal with it immediately; not every item on the list applies in every case, so each situation needs to be analysed on its own.

4) Retired devices need a clearly defined handling procedure, so that errors and negligence do not cause problems during processing. The best approach is to separate equipment by category: equipment that has not been completely processed in one place, and fully processed equipment in another, so that you prevent handling mistakes and errors of judgement. For example, workstations could stay on the desk and servers in the rack until the erase operation is complete (and to some extent they should always stay there until the hard disk drive data has been completely cleaned up, so that the system as a whole looks normal in the meantime). This also has the advantage of giving you a sense of urgency about disposing of the devices safely, because the space is needed for other purposes, which puts pressure on you.

5) Whoever processes a retired machine should sign off once the whole process is complete; if more than one person takes part, each should sign for the part he or she is responsible for. That way, when a problem arises, you know whom to ask and can find out what actually happened and how serious the error is. The time and date of completion should be recorded. Some data should be recorded in detail, including the specific components of the equipment that were processed, where they were disposed of, and their (then-current) depreciated value and replacement cost.

6) Do not put off the secure disposal of equipment. Make it a priority, so that devices are not overlooked through someone's mistake and left for weeks, months or even years, until someone who finds them gains access to the confidential data stored inside and security is threatened. And do not run systems unnecessarily: you do not want a system with no practical use running on the network, where it only gives malware and network attackers an opportunity.

7) Identify the configuration of network devices. Manage what is stored on switches, authenticating serial servers and other "smart" network infrastructure, so that an attacker cannot use it to find vulnerabilities and a way into your network and systems.

8) Assign clear responsibility for managing equipment that is awaiting secure disposal, and track it with a "chain of custody", so that no equipment ends up in someone's hands without having been securely processed.

9) Keep all computers and network infrastructure equipment on the corporate network under comprehensive management, so that no storage device is overlooked. Remember that even volatile random access memory can, under certain limited conditions, act as a "storage device" that holds confidential data. Finally, take the storage of confidential data extremely seriously and plan the related protective measures well.

10) Do not let the protection of your systems run into a dead end: without effective secure disposal, confidential data may be restored and security compromised. Good security practice does not stop at the moment the computer is shut down.
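
The overwrite step from tip 2 combined with the sign-off record from tip 5, as an added example that is not part of the original post. It assumes GNU coreutils `shred`; the function name `sanitize_file`, its arguments and the log line format are hypothetical.

```shell
#!/bin/sh
# Added example: overwrite, verify, remove, then record who did it and when.
# Caveat: shred only helps where the filesystem overwrites data in place.
# On SSDs, journaled or copy-on-write filesystems, and for backups or
# snapshots, old copies can survive; those cases need whole-device
# sanitisation or physical destruction (tip 2, second paragraph).

# sanitize_file FILE OPERATOR LOGFILE   (hypothetical helper)
# Returns 0 on success, 1 if the overwrite failed or could not be verified,
# 2 if FILE is not a regular file. Nothing is logged on failure.
sanitize_file() {
    local file="$1" operator="$2" log="$3" leftover

    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }

    # Three random passes followed by a zero pass (-z). The file is NOT
    # unlinked yet, so the result can be checked before the name disappears.
    shred -n 3 -z -- "$file" || return 1

    # After the zero pass every remaining byte must be NUL.
    leftover=$(tr -d '\000' < "$file" | wc -c)
    if [ "$leftover" -ne 0 ]; then
        echo "verification failed, $leftover non-zero bytes left: $file" >&2
        return 1
    fi

    rm -f -- "$file" || return 1

    # Sign-off record: UTC completion time, operator, item, outcome.
    printf '%s operator=%s item=%s result=overwritten,verified,removed\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$operator" "$file" >> "$log"
}
```
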
