Volume 1 Issue 1
80-20 Rule of Information Technology
Removing Unneeded Services, Patch Maintenance, Enforcing Strong Passwords
This rule states that 80% of security risk is effectively managed by implementing the most important 20% of available technical security controls: removing unneeded services, keeping service patches current, and enforcing strong passwords. An organization should first apply these principles to its most critical information assets, particularly public-facing servers such as web, DNS, email, and FTP servers, and then apply them to second- and third-line assets. Organizations that use these controls will enjoy a high degree of protection against many types of attacks, particularly "script kiddie" attacks and "blended threat" worms such as Code Red and Nimda, and will raise the economic opportunity bar so that attackers simply move on to an easier target.
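The three controls above are easy to state but are only useful if they are checked routinely. The following is an added example, not code from the original newsletter, of a minimal audit that covers all three on one host: listening services compared against an allowlist, installed package versions compared against the current patched versions, and passwords compared against a strength policy. All input data (the socket list, the version tables, the allowlist and the denylist) is constructed for illustration; in practice the socket list would be parsed from `ss -tlnp` or `netstat` output and the version tables from the package manager.

```python
"""Minimal 80/20 hardening audit: unneeded services, missing patches, weak
passwords. Added example with constructed sample data; not a live scanner."""
import re

# Constructed sample of listening sockets, in the shape of parsed `ss -tlnp`
# output: (local address, port, process name).
LISTENING = [
    ("0.0.0.0", 22, "sshd"),
    ("0.0.0.0", 80, "httpd"),
    ("0.0.0.0", 23, "telnetd"),   # legacy clear-text service, not needed
    ("0.0.0.0", 21, "vsftpd"),
    ("127.0.0.1", 25, "postfix"),
]

# Services this hypothetical public web server is allowed to expose.
ALLOWED_SERVICES = {"sshd", "httpd"}


def unneeded_services(listening, allowed):
    """Return (process, port) for every listener outside the allowlist.
    Loopback-only listeners are reported too: they remain attack surface for
    anything that gains local code execution."""
    return [(proc, port) for _addr, port, proc in listening if proc not in allowed]


# Constructed installed-vs-current version tables for the patch check.
INSTALLED = {"openssh-server": "8.9p1-3", "apache2": "2.4.52-1", "vsftpd": "3.0.5-0"}
CURRENT = {"openssh-server": "8.9p1-3", "apache2": "2.4.52-2", "vsftpd": "3.0.5-0"}


def version_key(version):
    """Split a version string into comparable chunks. Numeric runs compare as
    integers, alphabetic runs as text; the leading tag keeps the two types
    from being compared against each other."""
    return [(0, int(p)) if p.isdigit() else (1, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]


def outdated_packages(installed, current):
    """Return package names whose installed version is older than current."""
    return sorted(name for name, ver in installed.items()
                  if name in current and version_key(ver) < version_key(current[name]))


MIN_LENGTH = 12
# Constructed stand-in for a common-password denylist.
COMMON_PASSWORDS = {"password", "welcome1", "summer2024"}


def password_weaknesses(password):
    """Return a list of policy violations; an empty list means the password passes.
    Policy: at least MIN_LENGTH characters, at least three of four character
    classes, and not on the denylist."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("fewer than 3 character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    return problems


def audit(listening, allowed, installed, current, passwords):
    """Run all three checks and return one findings dictionary."""
    return {
        "unneeded_services": unneeded_services(listening, allowed),
        "outdated_packages": outdated_packages(installed, current),
        "weak_passwords": {pw: password_weaknesses(pw) for pw in passwords
                           if password_weaknesses(pw)},
    }


if __name__ == "__main__":
    # Constructed password candidates, e.g. from a policy test harness.
    findings = audit(LISTENING, ALLOWED_SERVICES, INSTALLED, CURRENT,
                     ["password", "Tr0ub4dor&3-longer"])
    for check, result in findings.items():
        print(f"{check}: {result}")
```

The report is deliberately a plain data structure so it can be fed into whatever ticketing or configuration-management process the organization already uses; the point of the 80/20 rule is that these three checks are run against every public-facing host first, then pushed down to the second- and third-line assets.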