Wednesday, February 16, 2005
The US government's advice on securing computers
The National Institute of Standards and Technology came up with a set of computer security guidelines for government agencies.
Mostly it's about how to generate organizational structures and paperwork. They did have some ideas relevant to a small business, maybe even to a home.
Got an inventory?
If you're recovering from a disaster then your insurance company will want to know what equipment you had. If you order a security survey then your security consultant will want to start with a list of what you've got. Do you know what software you have installed? Where are the original disks?
You'll benefit by taking an inventory of your data as well as your hardware. Think about what you can't do without. Accounts receivable records? Tax data? Take those thoughts and re-do your backup procedures.
How's your physical security?
My doctor had to add a lock to his computer room door so he could meet the security requirements of US privacy law. Computers get stolen from offices all the time. Have you done something to prevent that?
Can your employees install software?
If you're a home user, imagine that I said "children" instead of "employees". The safest answer is "no". Give as few people as possible "administrator" access especially to important computers.
Clean off disks before you sell them or throw them out
And of course shred your paper. Would you like to get paranoid and have bragging rights? You could buy a shredder from the National Security Agency list of approved crosscut shredders.
|
Mostly it's about how to generate organizational structures and paperwork. They did have some ideas relevant to a small business, maybe even to a home.
Got an inventory?
If you're recovering from a disaster then your insurance company will want to know what equipment you had. If you order a security survey then your security consultant will want to start with a list of what you've got. Do you know what software you have installed? Where are the original disks?
You'll benefit by taking an inventory of your data as well as your hardware. Think about what you can't do without. Accounts receivable records? Tax data? Take those thoughts and re-do your backup procedures.
How's your physical security?
My doctor had to add a lock to his computer room door so he could meet the security requirements of US privacy law. Computers get stolen from offices all the time. Have you done something to prevent that?
Can your employees install software?
If you're a home user, imagine that I said "children" instead of "employees". The safest answer is "no". Give as few people as possible "administrator" access especially to important computers.
Clean off disks before you sell them or throw them out
And of course shred your paper. Would you like to get paranoid and have bragging rights? You could buy a shredder from the National Security Agency list of approved crosscut shredders.
# posted by Frederick @ 10:30 PM Email to a friend:
Haloscan: they provide trackback