Continuing my blogs on Gary Miliefsky's article "The 7 best practices for network security in 2007", I'd like to continue by discussing the need for Frequent Security Assessments.
The basic premise is to continually double-check yourself. The real question is "whose standard should you check yourself against?"
In the world of Windows, you can start with the Microsoft Baseline Security Analyzer (MBSA) which determines the state of security for your Window's servers. If you'd like to dig a bit deeper and look at everything from your Windows environment to IT policies to training to perimeter defense (and more), you can check out Microsoft's Security Assessment Tool (MSAT).
If you want to step outside of Redmond and use a third-party standard, you can look at:
- The NSA's guide for Windows Server 2003
- The NSA's guide for Windows XP - the Security Configuration Guides are extremely detailed
- The Center for Internet Security's Benchmark/Scoring Tools
For more on how ScriptLogic solutions fit into the assessment of Windows security, see my previous posting on How Much Does Data Theft Really Cost.
0 comments:
Post a Comment