This incident points out the need for organizations, of all sizes and in all industries, to do the following to help prevent the same type of breach as that within the Utah DTS:
- Have well documented systems and applications procedures and supporting standards in place that are consistently followed
- Provide training and ongoing awareness for the procedures and standards
- Log changes consistently, and have teams responsible for reviewing the logs, and maintaining the logs for an appropriate period of time
- Perform ongoing audits to catch such configuration errors
- Have a change control process in place to help keep the mistakes of individuals from being put into production
- Use intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) to identify inappropriate access as soon as possible
- Create and maintain well documented breach detection and response plans
- Establish breach response teams and provide them with periodic training and ongoing awareness communications
- Engage independent third parties to perform periodic vulnerability scans and penetration tests
- Encrypt sensitive data, in transit and as rest in all storage locations. As this incident demonstrates, even if a sensitive file is located on a network behind a firewall, the bad guys may possibly still be able to get to it.
No comments:
Post a Comment