| 1 | Prepare a network/computer security policy for your organization. (Many such policies are available from security organizations) |
| 2 | Evaluate your own network using a standard testing tool. Then be sure to fix the problems found. Retest after Step 3. |
| 3 | Hire a third party organization to do independent testing of your network. Fix the problems that are uncovered. |
| 4 | Deploy a network monitoring tool. |
| 5 | Deploy encryption for data transmission and storage. |
| 6 | Fix static passwords. Install a password management program and cracking program. |
| 7 | Obtain dynamic passwords for mobile computing users. |
| 8 | Run a “war dialer” on your network to identify security problems. |
| 9 | Establish an Incident Response Group for your organization — before a problem occurs. |
| 10 | Require every business partner that connects to your network to provide evidence of security testing on their own networks and have fixed the problems. |
