Re: Basic Computer Security Advice Needed

Hi,
I suggest OWASP for security information: http://www.owasp.org.

Bo

2008/5/17 Mark Goodridge <mrgoodridge@xxxxxxxxxxxxxx>:
I am what passes for the computer technology guy at a small elementary
school. I'm trying to improve the security of the information we store on
our computers and I hope this list can give me some advice.

First, I'm looking for an appropriate definition of information security as
it would apply to my situation. "If I don't know what it is, how will I know
when I've found it?"

Second, I need to write a policy or a checklist, or a document of some sort
we can use to evaluate, monitor, and improve our computer/information
security.

We're constrained by time, training, and money. Any policy I devise has to
be capable of being implemented and managed by people with modest computer
skills (the equivalent of the CompTIA A+ or Network+) with limited time
available, and for all practical purposes, no funding.

I realize that under these circumstances an extremely high level of security
is unobtainable and probably unnecessary in any event. What I hope to be
able to do it to make the information on the LAN secure from the casual
hacker and all but the most persistent attacks from those who might
deliberately target our network.

Can you direct me toward any resources; particularly security definitions,
security frameworks, or security policies that you think might assist me? I
have done the usual Google searches and come up with an overwhelming list of
web sites but I was wondering if you knew of anything that specifically
addressed my problem.

Thank you for your assistance,

Mark Goodridge




--
No pains,no gains.

Relevant Pages

  • RE: Network and information security question
    ... All the computers have to be Pro. ... detaching the home versions from the network and making them work outside the ... configurations you can use group policy to manage the employee computers, ... tighten security. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: assured dns resolutions (secure)
    ... > come from the real dns server, ... > diverting network clients to use the false IP is not insiginificant. ... 2535 Domain Name System Security Extensions. ... For example, non-company computers were simply ...
    (comp.os.linux.networking)
  • RE: [Full-Disclosure] Insecurity in Finnish parlament (computers)
    ... > It is unlikely that all the computers have the same security ... > (both in TeliaSonera and in our parlament). ... Red herring. ...
    (Full-Disclosure)
  • Re: Basic Security Help
    ... a network is weak or no passwords followed by malicious user on your ... -- Use password policy to enforce strong passwords in the domain by enabling ... -- Be sure that computers are kept current of critical security updates from ... Windows Updates or using a SUS server to authorize and distribute security ...
    (microsoft.public.security)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Can Easy To Use Software Also Be Secure ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... guarantee that no one really knows for sure, not even Microsoft developers. ...
    (Security-Basics)