Best Practices For Securing Enterprise Networks
by David M. Piscitello and Lisa Phifer
Posted 4/17/2003; Published 12/2002




Safeguarding networked assets is an operational and business necessity, but to do so, you must understand the threats, quantify the potential cost of being attacked and employ security best practices to manage business risk.


To defend the integrity of your company’s networked assets, we recommend following “best practices” and security measures as a foundation. The list below is our “Top 10” recommended security practices, although there certainly are other steps that can—and should—be taken.


  1. Physical security.

  2. Secure perimeters.

  3. Authentication.

  4. Content inspection.

  5. System and server integrity.

  6. Information integrity.

  7. Availability.

  8. Access controls.

  9. Intrusion prevention, detection and rejection.

  10. Auditing and logging.


The security industry too often relies on fear, uncertainty and doubt (FUD) to sell products and services. The goal of this article is to inform, educate and, in so doing, ratchet what sometimes seems to be a depressingly dismal security baseline a little tighter. The proposition we hope you can sell within your organization is simple: If lax security practices can cost your organization considerable economic pain and suffering, can stringent security practices, over time, save you money?


About the authors:

David M. Piscitello is president and Lisa Phifer is vice president of Core Competence, Inc., an internationally recognized consulting firm specializing in network security.




This article is reproduced by special arrangement with our partner, Business Communications Review.

