The Top 10 security list every enterprise needs



Establishing a prioritized security list should be a priority for enterprises, so that everyone can focus on solving the important issues. I have been a loyal supporter of the SANS Institute's Top 10 vulnerabilities list ever since it was first released, and it has since evolved into a Top 20 vulnerability list. SANS also publishes many other useful lists, such as its programming errors list and its Top 20 most critical security controls, and OWASP's Top 10 Web application vulnerabilities is also very useful. One fact that can be drawn from these lists is that most of their items have not changed in the past decade, which is telling. Lists of this type are of great significance to enterprises: they help them figure out what their biggest problems are, reach a consensus as soon as possible, and concentrate on the important issues.

51CTO Editor's note: I remember that at the first network company I worked for, leadership required us to write out the 10 most important things each month and post them on the wall, so that we could see them at any time. Thinking about it now, it really is like a Top 10 security vulnerabilities list. With a threat list, you can be prepared in the future, and the threats can be avoided.

Now I have a question for you: does your business have a Top 10 list of computer security issues? If it does, is the list well known? Do all members of IT management, the computer security staff, the programmers, and the infrastructure support staff know it? If you do not have the kind of list I have described, or no one else knows about it, how can you ensure that the IT department is focusing the right resources on the right issues?

I often come across companies that fail to deal adequately with their high-risk issues. In general, they put too much energy into solving medium- and low-priority problems and leave themselves bruised and battered. For example, an enterprise's biggest problem may be end users installing Trojan horses, yet it puts a lot of money and manpower into blocking remote buffer overflows or into achieving one hundred percent patch compliance, and these thankless solutions address only a fraction of the enterprise's overall computer security problem.

Set up a Top 10 computer security list for your business. Start by identifying the threats, rank them by severity using the best indicators available to you, and then have the development team and management approve and finalize the list. This forces everyone to get involved and to look at the most important issues.

Once you have established a Top 10 list, make sure it is communicated to every person, using the most common methods (such as email, posters, newsletters, etc.), so that every team can try to solve your top ten security problems in its own way.

For example, if JavaScript vulnerabilities are the business's biggest problem, the workstation configuration team can concentrate on locking down the browser to block malicious JavaScript; the programming/development team can write its own code to try to prevent XSS (cross-site scripting) attacks; and the team responsible for purchasing new software can identify JavaScript-based applications and raise the problem of JavaScript attacks with potential suppliers. If you do not focus everybody on the important issues, they may fixate on solving the problems within their own scope. A Top 10 list helps everyone, while tending their own trees, to see the healthy growth of the whole forest.

Tracking progress is the key to success. Someone should be responsible for measuring the indicators for each item on the list and for reporting progress each year to the review team at the next level up. At that point, the review team should review the security list to determine whether some issues can be removed or whether new security issues should be added. If the indicators for a specific item begin to deteriorate, the review team will need to develop a new plan of attack and establish more effective strategies to deal with the problem.

Once created, your Top 10 computer security list should never be abandoned, although the items on it may evolve or give way to other, more pressing issues. This approach gives enterprises a good way to deal with risk: focus on the most important areas, draw a line in the sand, and measure against it each year.