In addition, once you have developed and deployed a security policy, compliance tools can ensure that apathy doesn't set in. It's human nature to move on to the next big project. Plus, personnel turnover will have less of an impact on your security if policy monitoring strategies are in place.
|
Online Extra
|
Details, Details
Once you start monitoring for compliance, remediation is a natural progression. Technically, it doesn't matter which application makes changes on desktops and servers. In reality, organizational hierarchy dictates a separation between operational and security duties. Controlling access to the policy-compliance application is critical so that only authorized people, such as security administrators or auditors, create and run reports, while desktop operations staff run reports and make changes to target systems, for example.
Although desktop-management packages and home-grown tools provide some basic functionality, the consolidation of reports and the redundancy of effort is costly. If you have multiple platforms and multiple levels of security, and you need to get a handle on your security and protection procedures, you should be looking at policy monitoring. Our review of policy monitors begins here.
Mike Fratto is a senior technology editor based in Network Computing's Syracuse University Real-World Labs®; he covers all security-related topics. Prior to joining this magazine, Mike worked as an independent consultant in central New York. Write to him at [email protected].
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
