
The below recommendations are from the White House's Office of Homeland
Security’s national strategy to secure cyberspace:
SUMMARY OF RECOMMENDATIONS
LEVEL 1:
THE HOME USER AND SMALL BUSINESS
R1-1 Because automated hacking programs scan the Internet for unprotected
broadband connections to exploit, those home users and
small businesses planning to install a DSL or cable modem should
consider installing firewall software first. (Some Internet service
providers (ISPs) offer firewall software with DSL or cable modem
set up.) Once firewall software is installed, it is important to regularly
update it by going to the vendor’s web site.
R1-2 Because new computer viruses are introduced every week, home
users and small businesses should regularly ensure that they are
running an up-to-date “antivirus system.” (Some antivirus vendors
offer automatic updates online. Some Internet service providers
scan all incoming e-mail for viruses before the e-mail gets to the
user’s computer.)
R1-3 Because new viruses often come as e-mail, home users should use
caution when opening e-mail from unknown senders, particularly
those with attachments. To reduce the number of unknown
senders, home users should consider using software that controls
unsolicited advertisements, called “spam.” (Some ISPs offer
programs to block spam. Some ISPs also offer to block all incoming
e-mail except from those friends and associates that the user
selects.)
R1-4 Home users should also regularly update their personal computer’s
operating systems (such as Microsoft Windows, Macintosh, Linux)
and major applications (software that browses the Internet or creates
documents, charts, tables, etc.) for security enhancements by
going to the vendors’ web sites. (Some software vendors offer automatic
updates online.)
R1-5 Internet service providers, antivirus software companies, and operating
system/application software developers should consider joint
efforts to make it easier for the home user and small business to
obtain security software and updates automatically and in a timely
manner, including warning messages to home users about updates
and new software patches.
LEVEL 2:
LARGE ENTERPRISES
R2-1 CEOs should consider forming enterprisewide corporate security
councils to integrate cybersecurity, privacy, physical security, and
operational considerations.
R2-2 CEOs should consider regular independent Information Technology
(IT) security audits, remediation programs, and reviews of “best
practices” implementation.
R2-3 Corporate boards should consider forming board committees on IT
security and should ensure that the recommendations of the chief
information security official in the corporation are regularly
reviewed by the CEO.
R2-4 Corporate IT continuity plans should be regularly reviewed
and exercised and should consider site and staff alternatives.
Consideration should be given to diversity in IT service providers
as a way of mitigating risks.
R2-5 Corporations should consider active involvement in industrywide
programs to: (a) develop IT security best practices and procurement
standards for like companies; (b) share information on IT security
through an appropriate information sharing and analysis center
(ISAC); (c) raise cybersecurity awareness and public policy issues;
and, (d) work with the insurance industry on ways to expand the
availability and utilization of insurance for managing cyber risk.
R2-6 Corporations should consider joining in a public-private partnership
to establish an awards program for those in industry making significant
contributions to cybersecurity.
R2-7 (1) Enterprises should review mainframe security software and
procedures to ensure that the latest effective technology and procedural
measures are being utilized; (2) IT vendors and enterprises
employing mainframes should consider developing a partnership to
review and update best practices of mainframe IT security and to
ensure that there continues to be an adequate trained cadre of
mainframe specialists; and (3) IT security audits should include comprehensive
evaluations of mainframes.