Ten Practical Security Steps
1. Good backups, periodically tested, with reasonable media rotation
and offsite storage.
Backups are frequently not discussed when security lists are made.
At most large organizations backups are totally routine and taken for
granted. As organizations get smaller the importance of backups is
more likely to be neglected. Even at large organizations the
importance of testing backups is sometimes neglected. Machines that
should be backed up may be missed, such as a desktop system with
valuable, unique data or a demonstration project that has become
a production system.
Backups need to cover more than a few days so that older versions of
files can be recovered and so there is a resonable chance of
recovering from problems, especially intruder caused damage, that goes
undetected for a significant time.
With good backups that are adequately protected, there few situations
from which recovery is not possible though the costs may be substantial.
Without good backups, it's hardly worth bothering with the rest of
this list. Sooner or later, hardware failure will cause irretrievable
data loss and recovering from an intrusion you detect will be
Top of Page -
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is