Tips to Aid in Improving Security By
Barbara DePompaBest practices that can help government organizations stay on top of security threats include:
TIP: Leverage Intrusion Detection and Prevention (IDS/IPS) tools. Although many government organizations already use these solutions, respondents said extra effort still must be taken to fully take advantage of the multiple reports and logs in most IDS/IPS systems, which can greatly aid in improving security analysis and reporting.
TIP: Expand endpoint security. Research indicates that organizations which have deployed applications that leverage hardware-based, ‘roots of trust’ at the edge of the network and at the endpoints, gain greater security.
TIP: Use monitoring tools. These tools can be deployed to assist government organizations in tracking and monitoring information and systems to avoid the exposure of sensitive information when data or systems are lost or stolen. Also these tools can be used to help prevent ‘back door’ entry via databases and web servers onto agency networks. Working to gain back door entry into agency databases through unprotected web pages is fast-becoming a common exploit among hackers. Make sure there’s a policy in place to scan regularly to make sure no application developers create new back doors into agency networks.
TIP: Don’t overlook risks. Technological solutions are available to help government organizations gain greater awareness of the security required for individual processes or task, based on the agency’s mission and types of information stored. Risk assessment is critical to avoiding investments in short-term solutions that be costly and leave some areas, systems and information unprotected.
TIP: Prepare to be audited. Survey respondents were asked if their agency or organization had undergone a thorough cybersecurity audit. Just under two/thirds (63%) said yes, 37% had not yet been through this process. Within agencies, just over half, 56% had gone through an audit of business unit operations, while 44% said that had not yet happened. Federal security regulations dictate the need for regular audits, and industry observers recommend that agencies prepare now for mandated security audits in the coming months.
TIP: Use audit trails and access controls. Audit and access features to prevent unauthorized changes or deletions are important, ensuring only authorized personnel can access files and making sure that changes to data are closely tracked. It helps to simulate periodic audits to reveal weaknesses in security procedures that should be updated.
TIP: Carefully classify information. Administrators must find ways to leverage a classification system, because without stronger management it’s impossible to tame data growth regardless of the data reduction or protection tools employed.
TIP: Consider outside assistance. Although most organizations already have multiple security solutions in place, proper risk assessment may require the help of an experienced third-party partner with proven expertise in securing government environments.
TIP: Choose open, standards-based solutions. Security platforms must integrate a variety of third-party products and support multiple operating system environments, which is why government organizations must purchase solutions that can support end-to-end security.
TIP: Set up rewards to foster security improvements. To improve agency security protections, have internal IT staff make and then benefit from suggested improvements. In many cases, current IT personnel are the real experts when it comes to understanding the major weaknesses of an agency’s systems and networks. Rewards and incentives may be one of the best ways to increase morale and improve protections agency-wide.
