Enterprise Information: Security Plans and Policies
Human Factors
Humans are the easiest to exploit in any enterprise. Some are willing
victims and others just don't know they are victims.
1. Social Engineering
Social engineering is the art of persuasion. It is also the art of
gaining a person's trust so that they part with crucial information.
Hackers use deceptive methods like phishing to get crucial information
such as usernames and other details that make guessing the
employee's password easier. Email attachments and Trojans are another
major cause of worry, as they fool human users about the nature
of the software downloaded. Enterprise email security cannot override
the user's choice to open an attachment.
Within the organization itself, users sometimes give others their
login to use. Many times their login names and passwords are so
easy to guess that they become the point of entry for anyone with
malicious intent.
Social engineering can be done by phone or email, or even through
an application program message designed to appear as a legitimate
message.
2. Inside Abuse
Inside abuse is about people within the perimeter who can access
any system or your server. These can be employees who are disgruntled
and turn malicious. They can be housekeeping, maintenance (phone
repair etc.), temporary or contract workers, and regular workers
as well.
Process Errors
Every process is under the scrutiny of hackers looking for a vulnerability
that can be exploited. Hackers take the slightest opportunity given
to them. If the authentication and encryption methods used by
the various processes are not strong enough, be sure they are open to
a hacker.
Another major issue is the absent-minded employee on a wireless
or mobile device who leaves open ports or channels that could be
used to gain entry into the network.
Technical complexity and weak points
Enterprise networks consist of a number of devices, some of which
might have been purchased previously and others purchased as the network
was scaled upward. This entire gamut of routers, switches, access points
and other devices is complex in nature and difficult to configure
and maintain. With a large number of devices to watch, something can
always escape the eye of the administrator who is monitoring the network.
More importantly, the weak points tend to be the old equipment that
has not been patched or configured properly.
Ensuring better security
Humans seem to be the weakest link in the enterprise network security
and enterprise information security plan. Any enterprise information
security policy that is developed needs proper implementation by the
employees. The following could be some valuable suggestions that your
enterprise can adopt.
Human Factor
Proper training of your employees to be security conscious could
go a long way in enterprise security.
- Educate your employees about social engineering tactics so that
phishing and malware are curtailed.
- Lay down simple, clear plans about the use of email, Instant Messaging
and downloads.
- Give them information about websites that can use weaknesses
in the browser to gain entry, and detail a policy about browsing.
- Constantly update this policy according to recent threats
and issue your employees alerts when they have breached the policy
guidelines. This is possible by obtaining enterprise security software
that can warn the administrator of any breach. This can also prevent
abuse, as logs of events are recorded and checked at short intervals.
Process Errors and Technical vulnerabilities
Process errors are a bit difficult to find. You could implement a
proper monitoring system that could filter out the violations from
the ordinary events. This is crucial for protecting the network in time.
Effective Solutions
Vulnerability scanners could be used to root out the various weak
access points in a network. Once this is done it is easier to configure
software and hardware to improve security, or even replace
the weak point with a more effective secure appliance. Unified Threat
Management devices are offering better and complete security.
Errors in the operating system, application software, transmission
protocols and other devices are discovered and made use of. It is always
better to be aware of the various problems other networks have faced
and analyze your networks to see if there are any of the same possibilities.
Continuous monitoring is the most effective means of security.
Protecting individual systems is another important way of effecting
security of the entire enterprise.