Computer Security need not be Rocket Science. I have a bunch of links, some of which I have not recently visited, so some might be broken. All of this stuff is excerpted from Al Mac's Computer Security Myths project, not yet ready for prime time sharing. But I thought I would mention a few things in the wake of some contrary views recently published by other voices.
- Send an e-mail with any subject heading to mailto:subscribe@talkbiz.com
- Within a few minutes you will get back a long e-mail article
- Data Security 101 For Small Businesses
- From Paul Myers
When we install software on our PCs, sometimes the software vendor thinks they know more than we do about what is best for us, so it pays occasionally to do a personal computer security audit. You don't need to be an expert to do this. Just visit http://grc.com/default.htm and choose Shields Up, then Test. Do both tests, then check the FAQ on the site. There are many other web sites with similar services.
This story in the Boston Globe examines the reasons why today’s teachers are using computers & the Internet quite heavily everywhere except in the classrooms for their students.
http://www.boston.com/dailyglobe2/329/focus/System_crash+.shtml
Some software vendors sell security software they do not use themselves: http://securityportal.com/closet/closet20000705.html
A business enterprise can organize an audit of all computers on its network using products from companies like http://www.pentasafe.com and in fact ordinary auditors who know nothing about computers can include security in a standard audit. Basically they install software from pentasafe on the client's computer system, it runs a bunch of tests, and it generates a report on such things as passwords too easily guessable, passwords not changed in eons, and other topics that are related to the particular operating system used. Most Microsoft and IBM systems, and others such as UNIX, are supported. The reports do not identify the actual passwords that are not secure; they are just a report card on the degree to which the system is not very secure.
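The kind of report described above, sketched as an added example (not PentaSafe's code and not from the original page): it reads account entries in the UNIX /etc/shadow layout and reports empty, stale and never-expiring passwords as a report card, without ever outputting a password or hash. The sample entries, the 90-day limit and the grade thresholds are assumptions made for the illustration.

```python
from datetime import date

# Constructed sample in /etc/shadow layout (name:hash:lastchg:min:max:warn:...).
# Hash fields are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
alice:$6$constructed$placeholderA:19700:0:90:7:::
bob:$6$constructed$placeholderB:15000:0:99999:7:::
carol::19650:0:90:7:::
daemon:*:18000:0:99999:7:::
dave:$6$constructed$placeholderD:19600:0:90:7:::
"""
EPOCH = date(1970, 1, 1)

def audit(shadow_text, today, max_age_days=90):
    """Return (accounts audited, findings); findings hold names only, never hashes."""
    findings = {"empty_password": [], "stale_password": [], "never_expires": []}
    audited = 0
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5:
            continue
        name, pw, lastchg, _mindays, maxdays = fields[:5]
        if pw.startswith(("*", "!")):  # locked or no-login account, nothing to audit
            continue
        audited += 1
        if pw == "":  # account can be used with no password at all
            findings["empty_password"].append(name)
            continue
        # lastchg is the day of the last password change, counted from 1970-01-01
        if lastchg.isdigit() and (today - EPOCH).days - int(lastchg) > max_age_days:
            findings["stale_password"].append(name)
        if maxdays in ("", "99999"):  # no maximum age, so the password never expires
            findings["never_expires"].append(name)
    return audited, findings

def report_card(audited, findings):
    """Summarise findings as counts plus a grade (grade thresholds are assumptions)."""
    flagged = {name for names in findings.values() for name in names}
    clean_pct = 100 * (audited - len(flagged)) // audited if audited else 100
    grade = "A" if clean_pct >= 90 else "B" if clean_pct >= 75 else "C" if clean_pct >= 50 else "F"
    card = {check: len(names) for check, names in findings.items()}
    card.update(accounts_audited=audited, accounts_flagged=len(flagged), grade=grade)
    return card

if __name__ == "__main__":
    print(report_card(*audit(SAMPLE_SHADOW, date(2024, 1, 1))))
```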
From time to time the government gets interested in computer security and tries to figure out standards that are going to work. In an earlier iteration than the one going on right now, the standards were also tested to make sure the security ideas really worked. This led to a system of measuring which computer systems measured up to the security standards. Take a look at http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html and see which computer systems are conspicuous by their absence.
The FBI has published a list of the most common computer security errors that everyone, all businesses, tend to repeat: http://www.sans.org/top20.htm There is also a searchable index of known computer security risks at http://cve.mitre.org/cve/ Here's a collection of Security Recommendation Guides from the National Security Agency of the US Government: http://nsa1.www.conxion.com/
One of the IBM platforms has a database system in which business rules can be specified at the file level, such that it does not matter what software tool is used by any user or intruder: the rules cannot be broken. One vendor has taken this to an extreme and offers a system in which the only things on the system are the business rules, so you can run a business with no commercial software whatsoever. This system, http://www.erros.co.uk/ , can be a bit difficult to wrap your mind around, so check out the review at http://www.400times.co.uk/Documents/ERROS1.htm