
Friday, January 19, 2007

US: SEVEN STEPS TO DRAMATICALLY IMPROVING NETWORK SECURITY THIS YEAR

Article excerpt taken from: The 7 best practices for network security in 2007 - Network World:

6) Value, protect, track and manage all corporate assets

You should take a close look at the value of all of your IT assets. This includes all the equipment - from your new VoIP phone system to your laptops, desktops, servers and all other networking equipment. How valuable are they to you? If someone stole a corporate laptop, what would it cost to replace? If the laptop contained all of the trade secrets of your corporation, now how valuable is that laptop?

Do an inventory assessment on all corporate assets that come within your domain. If engineers are storing code on your file server, how valuable is that code? The file server might only cost $3,000 to replace, but the code might take 20 person-years to re-engineer.

By placing a value on all corporate assets, you'll be able to determine how to better protect these assets. Justifying a storage area network or a daily backup is much easier if you know where the important assets are located and how valuable they are to your organization. What if the sales team chooses a free tool like SugarCRM for their customer relationship management (CRM) system? Does SugarCRM offer a backup service for your sales team? You might find out that the salespeople placed an entire customer list on their own Web server that they are managing without telling you. Then, when the server they are using crashes, you'll get a wake-up call to restore probably one of the most valuable assets in the corporation.

If you did a physical security and asset inspection walk-around, you might have found this 'new' server and taken control of it - enabling encryption, setting up a daily backup schedule and getting it on your maintenance program.

You can't protect what you don't know about. It's very important to have a handle on all corporate assets. You can quickly build a spreadsheet that includes the value of each asset - from an IT standpoint, not necessarily from the CFO's. Then, you'll be able to consider what INFOSEC countermeasures such as encryption, strong authentication, separate subnet, quality-of-service provisioning, backup plan, etc., you'll need to put in place to reduce the risk of downtime, data theft or loss of a critical asset.
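The asset spreadsheet described above, sketched as an added example (not part of the Network World article): each asset is valued as replacement cost plus the cost of re-creating its data, then ranked by how much of that value lacks the countermeasures the article lists. The person-year cost, the exposure weighting and every inventory row except the $3,000 file server holding 20 person-years of code are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption (not from the article): loaded cost of one engineering person-year, USD.
PERSON_YEAR_COST = 150_000

# Countermeasures named in the article that this sketch tracks per asset.
CONTROLS = ("encryption", "strong_auth", "separate_subnet", "backup")

@dataclass
class Asset:
    name: str
    replacement_cost: int        # cost to replace the equipment, USD
    rework_person_years: float   # effort needed to re-create the data it holds
    managed_by_it: bool          # False = found on a walk-around, not under IT control
    controls: set = field(default_factory=set)

    def value(self) -> float:
        # IT-view value: replacement cost plus cost to rebuild the data.
        return self.replacement_cost + self.rework_person_years * PERSON_YEAR_COST

    def missing(self) -> list:
        return [c for c in CONTROLS if c not in self.controls]

def exposure(asset: Asset) -> float:
    # Value scaled by the share of missing controls; an unmanaged asset counts in full.
    share = 1.0 if not asset.managed_by_it else len(asset.missing()) / len(CONTROLS)
    return asset.value() * share

def prioritize(assets):
    """Return assets with gaps (missing controls or unmanaged), highest exposure first."""
    gaps = [a for a in assets if a.missing() or not a.managed_by_it]
    return sorted(gaps, key=exposure, reverse=True)

# Constructed inventory; only the file server's $3,000 and 20 person-years come from the article.
INVENTORY = [
    Asset("eng-file-server", 3_000, 20, True, {"strong_auth", "backup"}),
    Asset("sales-crm-web-server", 2_000, 3, False, set()),
    Asset("exec-laptop", 1_500, 0.5, True, {"strong_auth"}),
    Asset("voip-system", 25_000, 0, True, set(CONTROLS)),
]

if __name__ == "__main__":
    for a in prioritize(INVENTORY):
        print(f"{a.name:22} value=${a.value():>12,.0f} "
              f"exposure=${exposure(a):>12,.0f} missing={a.missing()}")
```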

WebBlog Editor Comment: Here is a link to see all 7 steps
Seven steps to dramatically improving network security this year
By: Gary S. Miliefsky, Network World (US) (19 Jan 2007)
We all face it - the daily barrage of spam, now infested with zero-day malware attacks, not to mention the risks of malicious insiders, infected laptops coming and going behind our deep packet-inspecting firewalls and intrusion-prevention systems. Some even have to worry about how to prove steps of due care and due diligence towards a growing roster of regulatory compliance pressures.

What can you do under so much extreme pressure to make 2007 a better year, not a year loaded with downtime, system cleanup and compliance headaches? I've come up with what I would consider some of the best network security practices.

Best practices are things you do - steps you take - actions and plans. Within those plans, I'm certain you will include which security countermeasures to budget for in 2007. Although I thought about going into details about recent security concepts, such as unified threat management or network admission control, it seems more appropriate to focus on the seven best practices instead of the seven best security tools you might consider deploying. For example, I consider encryption a best practice and not a product or tool. I'm sure you'll find many commercial and freely available tools out there. You can always evaluate those tools which you find most suited for your own best-practice model.

Here's my best practice list, in order of importance:

1) Roll out corporate security policies
2) Deliver corporate security awareness and training
3) Run frequent information security self-assessments
4) Perform regulatory compliance self-assessments
5) Deploy corporate-wide encryption
6) Value, protect, track and manage all corporate assets
7) Test business continuity and disaster recovery planning

Although I could have made this list a little bit longer, these seven make the cut because if you implement them, you should see a rapid improvement in network uptime, performance and your IT regulatory compliance posture. Let's take a closer look.
