An optimal security posture, and one that eliminates the complexities of security management, is one that takes into account each of these four security disciplines. Adherence to best practices within these four fronts will reduce the costs of enterprise protection and lower risks while enhancing security resource allocation and inefficiencies. . . .
Securing your enterprise IT infrastructure can be a complex task. If your computing environment is like most, it is heterogeneous and contains a number of security products from many vendors. You may have diverse intrusion detection systems, VPNs, firewalls, antivirus software, and modems allowing remote users to dial into your network, along with offices in different geographic locations. Potential problems with this scenario aren't hard to find. Without a holistic view of the current security structure, how do you go about managing security? Security tools may work well on their own, but how do they work together to protect your network, and how do you monitor their performance?

With today's organizations becoming more global, connected, and dynamic in nature, the idea and practice of information security has never been more complex.

Consider the following challenges IT faces in protecting the corporate networking environment:

* Each week, 60 new software vulnerabilities and 100 new viruses are identified.
* Customers and stakeholders continue to demand greater levels of services via online systems.
* Organizations face significant time, budgetary, and personnel constraints.

Traditionally, organizations have relied on a point-product approach to address these issues. However, this has led to a new and seemingly impossible challenge: How to effectively and efficiently manage and mitigate the complexities of this security environment.

Enforcing security policies and regulations

Enterprises need to establish security policies, standards, and procedures to enforce information security in a structured way. Conducting a risk assessment will help you to identify and manage the vulnerabilities in your environment. From there, you will be able to develop a proper policy framework and standards, and begin constructing a set of policies tailored for your enterprise.

ISO 17799 is one of many government and industry based regulations and standards that enterprises are incorporating into their security policies. Your enterprise may also be subject to industry-specific security regulations such as HIPAA and GLBA. These outside policies need to be enforced, in addition to your own in-house policies. Establishing a security policy is one thing - effectively managing and enforcing them is quite another. Keeping access controls, authentication, and authorization measures up-to-date on all levels of your network is critical for a security policy to be effective. Any gaps in this information can increase your exposure to threats. Companies may have information security policies in place to protect critical assets and sensitive data, but they rarely have the means to effectively monitor compliance in accordance with that policy.

The link for this article located at net-security.org is no longer available.