CA sets out security guidelines


CA sets out security guidelines

Eric Doyle
Computer Associates has produced a guide to good practice in security.

According to research conducted by the DTI, 44% of companies admit they have suffered a malicious security breach but only 27% have formalised their security policy.

CA's pamphlet, Reaction Remedies: the way it should work, lays out the rules that should govern the development and implementation of a policy - independently of CA's product lines.

Graham Fisher, a senior analyst at Bloor Research, said, "Many people have the basics of a security policy but it's not as well-defined as it should be. Most companies enforce password changes but in many other areas they only take action after the horse has bolted."

CA's advice is to supplement a well-coordinated security system with intrusion detection that creates an audit trail of how any hacker who gets through navigates the network. Fisher recognised this was useful advice. "At least you can then see where the horse went and stop it going in the same direction again," he said.

Mike Small, CA's vice president for eTrust R&D, said, "You can have a best-of-breed security set of products, but without co-ordinated management you can never be sure whether they are working for rather than against you. Intrusion detection should be one component but you also need well-documented procedures and policies to limit damage."

Reaction Remedies, which is downloadable from CA's Web site, looks at the approaches companies take to security and offers a step-by-step guide to formulating a policy.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy