Your operational review should answer the following questions:
■ How consistently are the policies and procedures related to security applied and enforced?
■ How do day-to-day operations enhance or degrade IT security?
■ What operational plans are in place to address security in the various areas? Ideally, each area should be assessed individually and as part of a holistic system.
Your operational audit should look at four discrete elements that help build a secure framework. First, you should provide the least privilege necessary for any user to perform the functions of their job. Second, you should reduce the attack footprint by disabling, removing, and uninstalling anything on the system that is unused, including equipment, modems, ports, software packages, protocols, and the like. Third, you should look at the various security layers, sometimes called depth-of-defense, to ensure your policies, procedures, and operations support your security objectives. Finally, you should work diligently to identify the inherent assumptions you're making about your network, your users, and potential attackers (people, process, and technology assumptions).