Enabling Secure Business Operations

3 Reasons You’re Not As Compliant As You Think You Are

Companies live and die by their policies, and they tend to be enamored with them. While a good security policy framework is important for organizations of all sizes, it’s easy to get comfortable with your policies – until the day they actually need to be used, that is. A lot of smaller companies that are growing rapidly have some established security rules that aren’t as complete as they should be.

Just like users can pick passwords that are bad yet technically compliant, you’re not as compliant as you think you are if you haven’t considered the following 3 things.

  1. You Don’t Review Logs – Most companies keep logs of some kind, but many of those logs are never reviewed before default rotation settings overwrite them. Regular log review, done before the logs are overwritten, lets administrators spot patterns and abnormal activity that a firewall, intrusion detection system, or other automated control might not catch. Apart from security, regular log review can also surface software glitches before they cause problems for your operations.
  2. You Don’t Have A Contingency Plan – Security plans at smaller companies, however well intentioned, may well lack a well-thought-out contingency plan. A tested contingency plan matters because it proves that your backups work, that your applications will be accessible, and that you can get up and running again in a reasonable time.
  3. You Don’t Test Backups – I should add, “and you don’t back up quite everything you should.” Related to #2 above, many companies only back up a single server, rely on default settings, and don’t keep an extra physical copy somewhere off site. If you’re one of them and your office burns down, those backups aren’t going to do you much good.
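To make the first point concrete, here is an added example (not code from the original post) of the kind of review that only works if someone actually reads the logs before rotation. It parses a few constructed sshd-style log lines, groups authentication events by source address, and flags two patterns that a firewall rule or a default IDS signature would not necessarily raise: a burst of failed logins from one source, and a successful login that immediately follows a run of failures from the same source. The log lines, hostnames, addresses and thresholds are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in an sshd/syslog style. The addresses are
# documentation ranges (RFC 5737) and the host "web01" is invented.
SAMPLE_LOG = """\
Mar 12 02:14:01 web01 sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 12 02:14:03 web01 sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51023 ssh2
Mar 12 02:14:05 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar 12 02:14:08 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 12 02:14:11 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar 12 02:14:40 web01 sshd[4022]: Accepted password for root from 198.51.100.23 port 51030 ssh2
Mar 12 08:30:12 web01 sshd[4101]: Accepted publickey for deploy from 192.0.2.10 port 40211 ssh2
Mar 12 09:02:55 web01 sshd[4150]: Failed password for deploy from 192.0.2.10 port 40300 ssh2
Mar 12 09:03:01 web01 sshd[4150]: Accepted password for deploy from 192.0.2.10 port 40300 ssh2
"""

# Matches the sshd authentication lines used in the sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Turn raw log text into a list of event dicts; syslog lines carry no
    year, so one is supplied (assumed here for the constructed sample)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that are not sshd auth results are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "host": m["host"],
            "result": m["result"],
            "method": m["method"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def review(events, fail_threshold=5, window_minutes=5, streak_threshold=3):
    """Return findings as tuples. Thresholds are illustrative, not a standard."""
    findings = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])

        # Pattern 1: at least fail_threshold failures from one source inside
        # a sliding window of window_minutes.
        fails = [e for e in evs if e["result"] == "Failed"]
        for i, first in enumerate(fails):
            in_window = [f for f in fails[i:]
                         if (f["ts"] - first["ts"]).total_seconds() <= window_minutes * 60]
            if len(in_window) >= fail_threshold:
                findings.append(("brute_force", src, len(in_window)))
                break

        # Pattern 2: a success that directly follows a run of failures from
        # the same source, which is worth a human look regardless of volume.
        streak = 0
        for e in evs:
            if e["result"] == "Failed":
                streak += 1
                continue
            if streak >= streak_threshold:
                findings.append(("success_after_failures", src, streak, e["user"]))
            streak = 0
    return findings


if __name__ == "__main__":
    for finding in review(parse_events(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, the review reports a five-failure burst from 198.51.100.23 followed by an accepted root login from the same address, and stays quiet about the single typo-then-success from 192.0.2.10. The point of the post applies directly: if the log had been overwritten before anyone ran a review like this, neither finding would exist.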
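For the third point, here is an added example (again not from the original post) of what "testing a backup" can mean in practice: restore the archive somewhere scratch and compare every restored file's digest against the live data. The demo builds a small constructed directory, backs it up, verifies it, then changes one file and adds another after the backup ran, so the second verification shows exactly the failure mode the post warns about: a backup that is stale and does not cover everything. File names and contents are invented; the archive format and hashing are ordinary standard-library calls.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_digests(root):
    """Map each file's path (relative to root, POSIX style) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def make_backup(source_dir, archive_path):
    """Write a gzip tarball of source_dir with paths stored relative to '.'."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    return archive_path


def verify_backup(archive_path, source_dir):
    """Restore the archive into a scratch directory and compare it with the
    live data. Returns sorted lists of missing, changed and extra paths."""
    expected = file_digests(source_dir)
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive_path, "r:gz") as tar:
            try:
                # The "data" filter refuses absolute paths and path traversal
                # inside the archive (Python 3.12+, backported to some 3.8-3.11).
                tar.extractall(restore_dir, filter="data")
            except TypeError:
                tar.extractall(restore_dir)  # older Python without the filter argument
        restored = file_digests(restore_dir)
    return {
        "missing": sorted(p for p in expected if p not in restored),
        "changed": sorted(p for p in expected if p in restored and restored[p] != expected[p]),
        "extra": sorted(p for p in restored if p not in expected),
    }


def demo():
    """Constructed scenario: a clean backup, then drift after the backup ran."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "dump.sql").write_text("CREATE TABLE t (id INT);\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        archive = Path(work) / "backup.tar.gz"
        make_backup(src, archive)
        first = verify_backup(archive, src)   # expected: nothing missing or changed

        # Data keeps changing after the backup job; a new directory appears too.
        (src / "db" / "dump.sql").write_text("CREATE TABLE t (id INT, name TEXT);\n")
        (src / "notes").mkdir()
        (src / "notes" / "new.txt").write_text("added after backup\n")
        second = verify_backup(archive, src)  # expected: one changed, one missing
        return first, second


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup:", before)
    print("after drift: ", after)
```

A real test would point `verify_backup` at the copy that actually lives off site and run on a schedule, because an archive that restores cleanly on the server it was written from says nothing about the tape or bucket you would reach for after the office burns down.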

There are some great things about standards and policies, but it’s always easier to write them down than to put them into practice. That’s where many companies fail, until something happens. Knowing that legal and regulatory compliance doesn’t necessarily equal security will save you from embarrassing and costly incidents down the road.

picture: y3rdua

One Response to “3 Reasons You’re Not As Compliant As You Think You Are”

  1. Protect Your Gmail Account Better With These Top Tips Says:

    [...] at SecurityMusings.com, they have a short but good article about some things that many people forget about: A plan! Most [...]