Implement in-depth defense. A layered defense strategy includes technical, organizational, and operational controls.
Establish clear policies and procedures for employee use of your organization’s information technologies.
Implement technical defenses: firewalls, intrusion detection systems, and Internet content filtering.
Update your system’s anti-virus software daily.
Regularly download vendor security "patches" for all of your software.
Change the manufacturer's default passwords on all of your software.
Monitor, log, analyze, and report successful and attempted intrusions to your systems and networks.
Make passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase).
Change passwords regularly (every 45 to 90 days).
System Failure or Disruption
Has your system or website’s availability been disrupted?
Are your employees, customers, suppliers, or partners unable to access your system or website?
Has your service been denied to its users?
Unauthorized Access or Changes
Are you aware of anyone attempting (either failed or successful) to gain unauthorized access to your system or data?
Has anyone made unauthorized changes or additions to your system's hardware, firmware, or software characteristics without your IT department’s knowledge, instruction, or consent?
Are unauthorized parties using your system for the processing or storage of data?
Are former employees, customers, suppliers, or partners still using your system?