CA sets out security guidelines

News

CA sets out security guidelines

Eric Doyle
Computer Associates has produced a guide to good practice in security.

According to research conducted by the DTI, 44% of companies admit they have suffered a malicious security breach but only 27% have formalised their security policy.

CA's pamphlet, Reaction Remedies: the way it should work, lays out the rules that should govern the development and implementation of a policy - independently of CA's product lines.

Graham Fisher, a senior analyst at Bloor Research, said, "Many people have the basics of a security policy but it's not as well-defined as it should be. Most companies enforce password changes but in many other areas they only take action after the horse has bolted."

CA's advice is to supplement a well-coordinated security system with intrusion detection that creates an audit trail of how any hacker who gets through navigates the network. Fisher recognised this was useful advice. "At least you can then see where the horse went and stop it going in the same direction again," he said.

Mike Small, CA's vice president for eTrust R&D, said, "You can have a best-of-breed security set of products, but without co-ordinated management you can never be sure whether they are working for rather than against you. Intrusion detection should be one component but you also need well-documented procedures and policies to limit damage."

Reaction Remedies, which is downloadable from CA's Web site, looks at the approaches companies take to security and offers a step-by-step guide to formulating a policy.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy