Desktop security preparation for a new wave of Windows apps

As new products, software and applications come into view, the responsibilities associated with managing it all are only going to grow. The same issues will be present, but with more business tie-ins. Everything from system image standardization and creation to deployment and installation to patch management and beyond is only going to become more complex.

Although many of the day-to-day desktop issues will take up a good chunk of your time, desktop security management should be at the top of your to-do list. Security is something that goes throughout the entire desktop lifecycle, so it isn't sufficient to simply enable Automatic Updates and install anti-virus software. Although many people do stop there, it is that kind of short-sightedness that gets businesses into trouble.

The long-term thinkers in IT know that they need to get a handle on security and put some solid documentation in place now, before IT and security become even more complex. So what must be in place in order to manage the security for up-and-coming software in conjunction with the old still in use?

The most important piece of your desktop security management agenda should be a well-documented and widely-accepted set of security policies. Determine what's important in the context of your business and which security gaps need the most attention. Odds are the majority of your Windows weaknesses fall into one of the following categories:

1. Weak file and share permissions
2. Lack of malware and personal firewall protection
3. Weak or nonexistent drive encryption
4. Missing patches
5. Poorly-configured security policies
6. Weak or non-existent passwords

Once the information risk assessment is complete, and security gaps have been uncovered, the next step is to start documenting your Windows security standards and policies.

Check back for part two of this three part tip where I'll talk about how to formulate Windows desktop security standards so you have a good foundation to build on. Part three will outline the policies you'll need and how you can document them to ensure they're effective.

ABOUT THE AUTHOR:

Kevin Beaver, CISSP Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Windows desktop security tips Mobile client security threats shouldn't be underestimated Securing removable drives with BitLocker To Go Five network security resolutions for 2010 What can Windows 7's AppLocker do for you? New year begins with a light Patch Tuesday Top 5 registry keys for Windows 7 Desktop security predictions for 2010 Group policy tricks to secure network endpoints The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.