Site Security Planning |
Effective security planning requires you to monitor and report all significant securityrelated events. It also requires that you audit the reports from the systems administration in a timely fashion. Planning leads to security policies and standards that support effective monitoring and review.
Develop security plans that, at a minimum, thoroughly require you to monitor the following events and situations inside and outside the site:
It cannot be overemphasized that the systems and applications you install will contain bugs that will likely be discovered elsewhere in the Internet community, before you know about them. Your vendors and the Internet community security forums will broadcast news as these problems surface, and as solutions are developed. Security policy must include the practice of diligently monitoring the forums that provide this information, as well as the fixes for them.
Here are two examples of forums that effectively track bugs and fixes for major network operating systems: