1. Prepare a network/computer security policy for your organization. (Many such policies are available from security organizations.)
2. Evaluate your own network using a standard testing tool. Then be sure to fix the problems found. Retest after Step 3.
3. Hire a third-party organization to do independent testing of your network. Fix the problems that are uncovered.
4. Deploy a network monitoring tool.
5. Deploy encryption for data transmission and storage.
6. Fix static passwords. Install a password management program and a cracking program.
7. Obtain dynamic passwords for mobile computing users.
8. Run a “war dialer” on your network to identify security problems.
9. Establish an Incident Response Group for your organization — before a problem occurs.
10. Require every business partner that connects to your network to provide evidence that they have tested the security of their own networks and fixed the problems found.