“… Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations…”
THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS
OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF,
U.S. DEPARTMENT OF DEFENSE
NIST publication 800-39 http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
Follow these steps to review your computer network security:
A. Ensure that senior leaders/executives recognize the importance of managing information security risk and establish appropriate governance structures for managing such risk.
1. Develop a Risk Assessment for the systems on the Internet and create a priority listing in which the most critical systems are noted as such.
2. Create a Security Policy (governance structure) from the Risk Assessment.
3. Have an independent person (not your IT department) check the system for software and open ports (Audit) and review your security policy: does it work with the risk assessment?
4. Review the software and open ports with the IT department to ensure they are all patched (digest the Audit).
5. Create any documentation that is necessary to complete a full Network Computer Security Risk Analysis.
Contact Us for help in all of these steps. We do Computer Security all day every day.