Information Security Management depends on the size of the organization, the network architecture, the policies and standards used by a security organization.
The following is highly recommended to be part of Security Management:
- Anti-Virus and Security Software: New viruses and other malware appear every day, so it is important to update security software regularly.
- SSL – HTTPS: SSL Implementation is necessary and Train users to look for this in the URL address when they are performing sensitive operations over the Internet, or even within the enterprise. Without encryption, people on the same network segment can read the plain text information.
- Identity Management Technology: Identity management technology stores assigned credentials and shares them with systems upon request, such as when a user logs into a system.
- SSO – Single-Sign-On: Reduce Security Risk and Improve Identity Protection.
- IDS and IPS – Intrusion Detection and Prevention Software: Tools that can detect incursions and dynamically deny access are necessary for when hackers do penetrate firewalls or other security measures.
- Firewalls (Prevention): For web servers exposed to the Internet, a more complex firewall structure is advised, as many malicious hacker attacks exploit legitimate appearing traffic that is intentionally malformed to exploit database and web server vulnerabilities.
- Metadata Tracking Software: Tools that track Metadata can help an organization track the movement of sensitive data. These tools create a risk that outside agents can detect internal information from metadata associated with documents.
- Data Masking/Encryption: Tools that perform masking or encryption are useful for restricting movement of sensitive data.
