The Eight Rules of System Security
To secure our systems, on the physical, infrastructure and application side alike, there are 8 rules worth considering when running the lifecycle of a system whose backbone is information and communication technology (ICT) services. Here are those 8 security rules.
- Rule of Least Privilege.
- Rule of Change.
- Rule of Trust.
- Rule of the Weakest Link.
- Rule of Separation.
- Rule of the Three-Fold Process.
- Rule of Preventative Action.
- Rule of Immediate and Proper Response.

Here is a little detail on each item.
- Rule of Least Privilege – Only give a subject as much access as is required to do their job. My favorite quote is “The best security model is the one that lets you do anything… <pause> …that you are supposed to do”.
- Rule of Change Management – When you make a new change, you expose your business to new risk. Any time a change is to occur, you must consider all possible security implications.
- Rule of Trust – You must understand the implications of extending trust to anyone or anything within an organization. The rule of least privilege should prevail. Although you may trust your system administrator today, what happens when he holds a grudge towards you tomorrow?
- Rule of the Weakest Link – The old analogy still stands… you are only as strong as your weakest link. Think about it for a second.
- Rule of Separation – To effectively secure something, you must mitigate the risks associated with it by removing the threats around it. Isolating critical business resources and services on their own machines, and then strengthening what they offer with the rule of least privilege, will significantly reduce the attack surface of the object you are trying to secure.
- Rule of the Three-Fold Process – Security is NOT just about technology implementation. Administrators love to install fancy new whiz-bang things, but typically don’t follow through the entire security management lifecycle.
- Rule of Preventative Action – To effectively defend against the digital divide, you need to proactively assess the security in your environment. You need to stay aware of new security risks in the field: keep current with security tracking mailing lists, RSS feeds, etc. Regularly test your defences using vulnerability assessment tools before an attacker does. Maintain a strong three-fold process and keep your systems up to date with the latest security patches.
- Rule of Immediate and Proper Response – Long before you are ever breached, you should have an Incident Response plan in place. It has been seen in the past that when an organization responds poorly to an intrusion, it typically does more harm than the attacker did.
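The Rule of Least Privilege and the Rule of Separation above are easiest to see when they are turned into a concrete, deny-by-default check. The following is an added example, not code from the original post: the roles, resource names and the required-permission sets are constructed sample data, and it audits a role for rights that exceed what its job needs and for grants that span more than one system.

```python
"""Least privilege and separation as a deny-by-default policy check.

Added example, not code from the original post. The roles, resources and
required-permission sets below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    resource: str  # e.g. "payroll-db" (constructed name)
    action: str    # e.g. "read", "write", "admin"


@dataclass
class Role:
    name: str
    granted: frozenset = field(default_factory=frozenset)


# What each job actually needs in order to get its work done (constructed).
REQUIRED = {
    "payroll-clerk": frozenset({
        Permission("payroll-db", "read"),
        Permission("payroll-db", "write"),
    }),
    "web-frontend": frozenset({Permission("web-tier", "serve")}),
}


def is_allowed(role: Role, perm: Permission) -> bool:
    """Deny by default: a permission passes only if it was explicitly granted."""
    return perm in role.granted


def excess_privileges(role: Role, job: str) -> frozenset:
    """Least-privilege audit: permissions granted beyond what the job requires."""
    return role.granted - REQUIRED[job]


def missing_privileges(role: Role, job: str) -> frozenset:
    """The complementary check: required permissions the role lacks."""
    return REQUIRED[job] - role.granted


def separation_violations(role: Role) -> set:
    """Rule of Separation: flag a role whose grants span more than one resource,
    since a compromise of that role then reaches every one of them."""
    resources = {p.resource for p in role.granted}
    return resources if len(resources) > 1 else set()


def audit(role: Role, job: str) -> dict:
    """Collect the three findings for one role in a single report."""
    return {
        "excess": excess_privileges(role, job),
        "missing": missing_privileges(role, job),
        "separation": separation_violations(role),
    }


# Constructed sample: a clerk account that accumulated extra rights over time.
OVERPRIVILEGED_CLERK = Role("clerk-alice", frozenset({
    Permission("payroll-db", "read"),
    Permission("payroll-db", "write"),
    Permission("payroll-db", "admin"),   # not needed for the job
    Permission("web-tier", "serve"),     # crosses into another system
}))

# Constructed sample: a clerk account holding exactly the required set.
MINIMAL_CLERK = Role("clerk-bob", REQUIRED["payroll-clerk"])

if __name__ == "__main__":
    for role in (OVERPRIVILEGED_CLERK, MINIMAL_CLERK):
        print(role.name, audit(role, "payroll-clerk"))
    # Admin was never granted to clerk-bob, so deny-by-default refuses it.
    print(is_allowed(MINIMAL_CLERK, Permission("payroll-db", "admin")))
```

Running the audit periodically, rather than only when an account is created, is what keeps the Rule of Change Management honest: each change to a grant shows up as a new excess or separation finding instead of silently widening the attack surface.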
Hope this is useful.
December 6th, 2009 at 8:43 am
Sir, put a padlock on the house so it's safe.
Great.
Add a security guard, even better.
February 1st, 2010 at 5:14 am
Why haven't you updated in so long, Sir? Still busy, Sir?
February 7th, 2010 at 7:04 am
Thanks for the info.