Thursday, 30 November 2006

Securing the Network: 8

Securing The Network
A Post on Corporate Security Issues for the Non Technical

This post covers:
                Separation of Duties

It is important that part of your security initiative involves auditing your systems. A lot of important information is contained in logs that are scattered around your servers and devices.

It is necessary to look at what devices produce logs that are important and need regular monitoring, and then ensure that you do monitor them. It will be beneficial to introduce some mechanism so that the logs are sent to you on a regular basis, rather than you having to go and get them each time.

You should set up a document that details all your important logs along with the schedule for checking and auditing them.

Separation of Duties
Am important part of corporate security is Separation of Duties. This basically means that no one individual should be able to control a process from beginning to end.

Separation of Duties allows for checks to be made by a different individual which helps eliminate mistakes and minimises the risks of fraud.

"How much easier it is to be critical than to be correct." - Benjamin Disraeli

No comments: