• United States

Security suggestions

Aug 19, 20042 mins
Data CenterSecurity

* Cutter Consortium shares 15 actions to consider as part of a responsible computing strategy

While most security efforts focus on shoring up your company’s network perimeter to keep the bad guys out, strong policy also entails making sure your computing assets aren’t used to inflict harm on other companies or individuals. 

Cutter Consortium says the business and security risks associated with an increasingly interconnected society call for increased emphasis on responsible computing. “Once connected to the World Wide Web or the Internet, a company actively occupies a virtual space that is peopled with competitors, terrorists, children, environmentalists, lawyers – every segment of society – or actually, every segment of nearly every society on earth,” says Lynne Ellen, a Cutter Consortium fellow. “Responsible computing strategies account for intended and unintended interactions with such communities.”

Cutter shares 15 actions to consider as part of a responsible computing strategy: 

1. Establish strong identity management for access to the network. Remember the best authentication includes something you know, something you have, and something you are. Require at least two of these things.

2. Strictly control password management and administration.

3. Patch aggressively and strive for a process that allows all desktops to be patched in two days or less.

4. Divide your network into firewall-separated subnets. Carefully control traffic through the firewalls.

5. Don’t rely on firewalls as the primary protection.

6. Manage all outbound traffic as aggressively as you manage inbound traffic.

7. Conduct regular network vulnerability assessments.

8. Eliminate modems.

9. Secure wireless networks.

10. Deploy intrusion protection devices and methods.

11. Deploy thin-client devices where possible because they aren’t vulnerable to infections.

12. Carefully manage all interfaces between your company and others. Every contract should stipulate mutual security policies.

13. Learn what methods software vendors use to control the insertion of back doors in their products. Require the disclosure of all known back doors.

14. Develop a comprehensive, responsible computing policy, communicate it with employees, and develop methods for enforcement.

15. Regularly review security scenarios and establish an emergency response plan.

For more information about Cutter Consortium, go to