According to research conducted by the DTI, 44% of companies admit they have suffered a malicious security breach but only 27% have formalised their security policy.
CA's pamphlet, Reaction Remedies: the way it should work, lays out the rules that should govern the development and implementation of a security policy, independently of CA's product lines.
Graham Fisher, a senior analyst at Bloor Research, said, "Many people have the basics of a security policy but it's not as well-defined as it should be. Most companies enforce password changes but in many other areas they only take action after the horse has bolted."
CA's advice is to supplement a well-coordinated security system with intrusion detection that creates an audit trail showing how any hacker who gets through navigates the network. Fisher recognised this was useful advice. "At least you can then see where the horse went and stop it going in the same direction again," he said.
Mike Small, CA's vice president for eTrust R&D, said, "You can have a best-of-breed security set of products, but without co-ordinated management you can never be sure whether they are working for rather than against you. Intrusion detection should be one component but you also need well-documented procedures and policies to limit damage."
Reaction Remedies, which is downloadable from CA's Web site, looks at the approaches companies take to security and offers a step-by-step guide to formulating a policy.