80-20 Rule of Information Security
Removing Unneeded Services, Patch Maintenance, and Enforcing Strong Passwords

While managing information security may at times seem complex and costly, not all security controls are equally difficult to implement, nor are they equally effective. In fact, there are three easy-to-understand controls that, if implemented successfully, will dramatically reduce your risk of a successful compromise of your information resources. These three controls are embodied in the information security 80-20 rule. This rule states that 80% of security risk is effectively managed by implementing the most important 20% of available technical security controls: removing unneeded services, keeping service patches current, and enforcing strong passwords.

In 2001 there was a significant increase in the sophistication and destructive power of automated exploit code such as Code Red and Nimda. In the case of both of these attacks, the underlying vulnerabilities were well understood and patches had been available for several months before the tools were released.

Preventative information security does not have to be an overwhelming problem. By applying the 80-20 principles presented here, namely removing unneeded services, keeping patches current, and enforcing strong passwords, an organization greatly simplifies and reduces its information security domain while significantly increasing each system's security level. These steps do not all have to be accomplished at once. An organization should first apply these principles to its most critical information assets, particularly public-facing servers such as web, DNS, email, and FTP servers, and then apply them to second- and third-line assets. Organizations that use these controls will enjoy a high degree of protection against many types of attacks, particularly "script kiddie" attacks and "blended threat" worms such as Code Red and Nimda, and will raise the economic opportunity bar so that attackers will simply move on to an easier target.

Is your data safe and protected from intruders?

If your data were compromised, how would your business survive?

We can help!