- It is highly recommended that the Chief Information Officer formally approve the content and operation of any Web server to be connected to any organization system.
- Any and all Web site content and features must be approved and installed by the organization's Webmaster.
- Under no circumstances will sensitive information be made available on any company Web site internally or externally accessible.
- All enterprise Web sites must be reviewed, vetted, and approved in the same fashion as officially released reports or other outside correspondence.
- At all times, copyrights will be protected and observed.
- The Web server should be administered only from its own console. Logging on to the Web server from any other device is not permitted, and the server's software should be configured to enforce this.
- Systems administrators, firewall administrators, and Webmasters are to report any and all attempts to gain unauthorized access to the Web server located on either the Internet or internal intranet.
- Incoming packet traffic will be scanned and connections to unapproved Web sites will be immediately reported to senior managers.
- Systems maintenance will include the installation of operating systems and applications patches.
- Senior administrators and Webmasters are responsible for change management. Any and all changes must be justified, documented, and submitted to a thorough quality control process before installation.
- Senior administrators and Webmasters are responsible for monitoring system performance, taking appropriate security measures, and ensuring Web sites reflect the highest quality standards.
- Implementation of Common Gateway Interface (CGI) scripts will be strictly monitored and controlled.
- To avoid buffer overflows, systems developers must enforce defined buffer sizes when accepting data. To avoid CGI vulnerabilities, regular testing will be performed and appropriate security measures taken.
- All user input to any Web site, internal and external, will be filtered for appropriate content.
- Where third-party applications interact with programs whose buffers do not check incoming data for correctness, those applications must be monitored and patched appropriately.
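The two development requirements above (defined buffer sizes when accepting data, and filtering of user input) can be illustrated with a small CGI-style input handler. This is an added example written for this page, not code from the original policy; the buffer size, the allow-list of permitted characters, and the sample request body are all constructed assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed upper bound on a request body the script will buffer. */
#define MAX_BODY 256

/* Parse CONTENT_LENGTH as the Web server presents it to a CGI script.
   Returns -1 for a missing, non-numeric or negative value. */
long parse_content_length(const char *env) {
    char *end;
    long n;
    if (!env || !*env) return -1;
    n = strtol(env, &end, 10);
    if (*end != '\0' || n < 0) return -1;
    return n;
}

/* Copy the request body into a fixed-size buffer. 'avail' is how many bytes
   the source actually holds (a short read is tolerated); 'declared' is the
   client-supplied CONTENT_LENGTH. A declared length that does not fit in
   'cap' (leaving room for the NUL) is rejected rather than copied.
   Returns 0 on success, -1 when the request is refused. */
int read_body_bounded(char *dst, size_t cap, const char *src,
                      size_t avail, long declared) {
    size_t n;
    if (declared < 0 || (size_t)declared >= cap) return -1;
    n = (size_t)declared;
    if (n > avail) n = avail;      /* never read past the data we have */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Allow-list filter for a form field: letters, digits, space, - _ . @ only.
   Returns 1 when every byte is permitted, 0 otherwise. */
int field_is_clean(const char *s) {
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == ' ' || c == '-' || c == '_' ||
              c == '.' || c == '@'))
            return 0;
    }
    return 1;
}

int main(void) {
    char body[MAX_BODY];
    /* Constructed sample standing in for CONTENT_LENGTH and the stdin body. */
    const char *sample = "alice@example.com";
    long len = parse_content_length("17");
    if (read_body_bounded(body, sizeof body, sample, strlen(sample), len) != 0)
        return puts("Status: 413 Payload Too Large\n"), 1;
    printf("Content-Type: text/plain\n\n%s\n",
           field_is_clean(body) ? "accepted" : "rejected");
    return 0;
}
```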