Security Ripcord


First 5 Actions: Here are mine, where are yours?

I just added a post to the Security Catalyst site. During the recent podcast (Security Catalyst #27), Michael Santarcangelo wanted to start a forum topic about What Are The First 5 Actions, Security Catalyst Case Study. As I am starting to think about this very subject, I am very interested in everybody’s point of view on this. Please comment on my post either at the Security Catalyst site or here. As I state in the forum, I have very thick skin and I value your input.

———————————————

Some of these may seem a bit broad but that is how they are intended. That is because I think that these are the basis for a plan. Before you start deploying systems and connecting them to the Internet, or let end-users run around the internal network, you need to cover the basics and create a managed, secure environment. There should also be a sub-step for each of these to review the findings of the previous steps to see if the new information affects them.

1. Incident Response Policy - This is going to happen at some point. It would be tragic if it happened right off the bat, but stranger things have happened. You need to identify how this is going to be handled and individual responsibilities.
2. Prioritized Asset Identification - How do you know how to protect something unless you have identified what needs to be protected and which is most important?
3. Acceptable Use Policy - This will help you determine how your external and internal protections will be configured.
4. Network Deployment Review - If they have a network plan figured out but it has not been reviewed by the Security Manager, then it is still in development. At the least, the network plan needs to be reviewed at this point to ensure that the previous steps have not created changes.
5. Deployment Strategy - Now that you have a list of assets, know what the network will be used for, and understand the network deployment scheme, you need to determine how you will deploy and manage your assets. This strategy should cover how systems are built, hardened, managed, updated, and connected to the network.

I have thick skin so please hack away at this. I will be doing this very thing very soon and I hope to use this as a sounding board.

Thank you,
Cutaway

———————————————

Yes, thank you all,

Cutaway


