Advanced Technology Laboratory
Some day, at the worst possible time, your site WILL be compromised. You must have a plan, worked out well in advance, for how a security incident should be handled at your site.
Management should approve the plan in advance. Measures should be understood and agreed upon, and authority must be given to implement those measures.
Be sure that users understand and use good passwords, use their accounts properly, and do not place inappropriate data in areas that are accessible from the outside.
Users must know and understand security policies and practices. No user should be given greater responsibility/control than he/she is technically able to handle.
All passwords to privileged accounts should be restricted to as few people as possible. Passwords can be written down, placed in a sealed, signed envelope, and locked in a secure place. If this envelope is opened for some emergency, all passwords should be changed as soon as possible.
Last modified: Sat Oct 30 23:05:04 PDT 2004