Conduct internal security reviews
You have to stay on top of your security operation all the time. It's not enough to put procedures in place; you have to check periodically to make sure your people are following the procedures and that these procedures are bearing the fruit that you want. In this tip, Adesh offers a checklist for a periodic internal security review that will help you keep up-to-date on your internal security operation.
Protecting your organization's mission critical data is always a top priority. To ensure your data is safe, you should conduct a periodic internal review to ensure that basic security measures are in place. Here is a list of things to check on a regular basis.
Ensure that user accounts for employees who leave the organization are disabled. I recommend disabling these accounts so that when the vacant position is filled you can rename the disabled user account for the new user. This will make the process of assigning permissions to shared folders easier. Create a group for temporary users (contract employees) and ensure that these user accounts have an expiration date.
Set logon hours for users
If there are vendors who dial in for remote access, dial in to access information make sure that logon hours are applied to their user accounts. Ensure that vendors with dial in access are part of a group, and that this group does not have access to files/directories for which they do not need access.
Review all network shares to ensure that the proper permissions are assigned to the network shares.
Service Pack Updates
Make sure that the operating system has the most recent service pack updates. Also visit the Microsoft Web site regularly for bulletins on security issues.
Ensure that the administrator's password is changed periodically.
Examine the security logs in event viewer periodically.
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in December 2001