- Identify what needs to be secured: Here you identify the content.
- Distinguish between public and internal intellectual property information. This can further be divided into loose and sensitive information.
- Identification of user groups
- Access authorization and control procedures
- Incident response, in case of misuse or attack
- Backup procedure and disaster recovery
- Never have a false sense of security. Consider this as the first and most important rule.
- Have a well-defined security policy.
- Never create too many pinholes in your firewall to allow access.
- Use a good VPN solution to provide secure Intranet access to your remote clients.
- At a bare minimum, encrypt the login process using SSL.
- If the site is hosted at an ISP, make sure all the security guidelines are in place.
From a network security standpoint:
Let me know if you need more information.
This was first published in April 2002