The need for security as an ongoing process

Security is not a one-time activity that can take its own course; rather, it is an ongoing process targeting a dynamic environment in which new threats arise daily. New technical vulnerabilities are discovered on a daily basis, and this increases the need for managed security. Here is a checklist for ensuring an organization's security needs are met.

One of the most common mistakes people make when it comes to security is that they consider it to be a one-time activity. Security is not a one-time activity that can take its own course; rather, it is an ongoing process targeting a dynamic environment in which new threats arise daily.

As a first step, an organization identifies the security holes in its IS infrastructure, defines a security policy and implements technical and administrative controls to enforce the policy. These technical controls have to be monitored and managed on an ongoing basis to ensure effectiveness. The administrative controls, popularly known as processes or procedures, have to be strictly adhered to by the personnel concerned.

New technical vulnerabilities, including virus outbreaks, security holes in applications and bugs, are discovered on an almost daily basis. Security administrators are expected to keep track of these vulnerabilities and fix them to ensure that the IS infrastructure of the organization is secure. Even a few hours' delay in identifying the relevant ones and fixing them could lead to security incidents. Some of the well-known security incidents that come to mind are the "I Love You" virus outbreak, Nimda and CodeRed. Periodic audits have to be conducted, ideally by teams other than the security administrator, to ensure that all the relevant vulnerabilities have been fixed.

Apart from fixing new vulnerabilities, the technology components implemented have to be monitored and managed on a 24x7 basis. Additionally, these technical components are typically very complex, and the skill sets required to monitor and manage these systems are in rather short supply. If the organization lacks personnel with the skills to properly configure and monitor these tools, the very tool designed to protect its network will expose the organization to increased risk.

Some of the most commonly deployed security tools are firewalls, anti-virus solutions and intrusion detection systems. Firewall management is a complex activity requiring expertise and experience. Firewall management for enterprises with multi-location installations, without an IS department in each of these locations, can be a time- and resource-consuming activity. The administrator has to periodically analyze the firewall logs, maintain and periodically update the firewall configuration, and change firewall policies after analyzing the change requests.

An anti-virus solution has to be periodically updated with the latest virus definitions from the vendor, and the updates have to be pushed to all desktops and mail boxes for full effectiveness. Failure to do so in a timely manner can result in a virus outbreak, which in turn could lead to man-months of unproductive time, depending on the size of the organization.

One of the most important processes for maintaining an acceptable level of security is the detection of unauthorized network and system activities, and responding to them in an effective manner. The process of detecting and responding to such activities requires tools such as intrusion detection systems, or IDS. An IDS is needed in an environment where the security of certain network domains and mission-critical servers is of utmost importance. In these cases, any intrusion attempt needs to be detected in its preliminary stages and proactively dealt with. Typical examples of such systems would be e-commerce web sites, credit card databases, etc.

Intrusion detection systems monitor intrusion attempts by analyzing various kinds of information for signs of intrusion (attacks coming from outside the organization) and misuse (attacks originating inside the organization). They collect information from a variety of system and network sources: the log files of servers and applications, and the network traffic itself.

This information is then analyzed for signs of intrusion (attacks or scanning attempts coming from outside the organization) and misuse (attacks such as unauthorized access originating from within the organization). An IDS throws up a large number of alerts, all of which need to be analyzed. A large number of these alerts are typically false alarms and are to be ignored; the remaining ones need to be acted upon. Unless the person handling the IDS is experienced and has a knowledge base to draw on, the work can become very monotonous and tedious.
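The two paragraphs above describe the IDS cycle in the abstract: collect log data, look for signs of intrusion, then separate the false alarms from the alerts that need action. The following Python script is an added illustration of that cycle and is not code from the original article or from the vendor; the log lines, host names, IP addresses, the `KNOWN_NOISE` set and the threshold of four failures per minute are all constructed assumptions chosen for the example. It parses syslog-style authentication lines, raises an alert when one source produces repeated login failures inside a sliding window, escalates the alert if a successful login from the same source follows the failures, and marks alerts from a known noisy internal host as informational so that the triage step can set them aside.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). One external source
# fails repeatedly and then succeeds; one user mistypes a password once; one
# internal monitoring host hammers the server with a stale credential.
SAMPLE_LOG = """\
2004-03-01T09:00:01 srv1 sshd[101]: Failed password for root from 203.0.113.7
2004-03-01T09:00:03 srv1 sshd[102]: Failed password for root from 203.0.113.7
2004-03-01T09:00:04 srv1 sshd[103]: Failed password for admin from 203.0.113.7
2004-03-01T09:00:06 srv1 sshd[104]: Failed password for root from 203.0.113.7
2004-03-01T09:00:07 srv1 sshd[105]: Failed password for root from 203.0.113.7
2004-03-01T09:00:09 srv1 sshd[106]: Accepted password for root from 203.0.113.7
2004-03-01T09:05:00 srv1 sshd[120]: Failed password for alice from 192.0.2.20
2004-03-01T09:30:00 srv1 sshd[121]: Accepted password for alice from 192.0.2.20
2004-03-01T10:00:00 srv1 sshd[130]: Failed password for monitor from 10.0.0.5
2004-03-01T10:00:01 srv1 sshd[131]: Failed password for monitor from 10.0.0.5
2004-03-01T10:00:02 srv1 sshd[132]: Failed password for monitor from 10.0.0.5
2004-03-01T10:00:03 srv1 sshd[133]: Failed password for monitor from 10.0.0.5
2004-03-01T10:00:04 srv1 sshd[134]: Failed password for monitor from 10.0.0.5
"""

LINE_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$"
)

# Hypothetical knowledge base entry: an internal monitoring host known to
# generate failures with an expired credential (assumption for the example).
KNOWN_NOISE = {"10.0.0.5"}
THRESHOLD = 4                   # failures from one source ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window raise an alert


def parse(log_text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, outcome, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "outcome": outcome, "user": user, "src": src})
    return events


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW, known_noise=KNOWN_NOISE):
    """Alert once per source when >= threshold failures fall inside the window.
    A later successful login from an alerted source escalates its alert to 'high';
    sources in the known-noise set are recorded at 'info' severity instead."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    alerted = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(failures[src]) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"src": src, "host": ev["host"], "first": failures[src][0],
                               "count": len(failures[src]),
                               "severity": "info" if src in known_noise else "medium"})
        elif src in alerted and src not in known_noise:
            # Success after a burst of failures: likely a guessed credential.
            for a in alerts:
                if a["src"] == src:
                    a["severity"] = "high"
                    a["success_user"] = ev["user"]
    return alerts


def triage(alerts):
    """Drop the informational (known-noise) alerts; what remains needs a human."""
    return [a for a in alerts if a["severity"] != "info"]


if __name__ == "__main__":
    for a in triage(detect_brute_force(parse(SAMPLE_LOG))):
        print(a)
```

Running the script with the constructed log yields two raw alerts, one for each bursting source, but `triage` returns only the external one, escalated to `high` because the failures were followed by a successful `root` login. The internal monitoring host still gets recorded, so the knowledge base entry that suppresses it can be revisited when that stale credential is finally fixed.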

When an actual intrusion occurs, the IDS logs need to be analyzed to identify the source and extent of the intrusion, and corrective steps have to be taken to ensure that such intrusions are not repeated. Also, there are various aspects of the organization, a change in any of which requires the security policies and procedures to be reviewed and revised. Some of these factors are business focus and requirements, regulatory aspects, technical infrastructure, and organizational structure and culture.

To summarize, to ensure ongoing security an organization needs to:

  • Track and fix the latest relevant vulnerabilities
  • Periodically undergo security audits to ensure that there are no vulnerabilities that could be exploited
  • Monitor and manage the security solutions implemented, such as firewalls, anti-virus and intrusion detection systems
  • Periodically review and revise the security policies and procedures


Copyright 2003-2004 Net ProActive Services. All Rights Reserved