037
CHECK POINT 2013 SECURITY REPORT
05
_ SUMMARY AND SECURITY STRATEGY
Organizations should ensure that users are involved in
the security process. Employees need to be informed and
educated on the company’s expectations of them when
they browse the Internet or share sensitive data. At the
same time, security should be seamless and transparent
and should not change the way users perform their work.
Implementation of a security program should include:
Education programs: to ensure that all users are aware
that corporate systems are potentially vulnerable to
attacks and that their own actions may allow or help
prevent these assaults.
Technology: to advise people in real time as to why
certain operations are risky and how these can be
conducted in a secure manner.
Enforcement
Deployment of security technology solutions such
as security gateways and endpoint software is critical
for protecting organizations from security breaches
and loss of data. Security gateways should be installed
at all interconnects, ensuring that only relevant and
authorized traffic enters and leaves the network. This
validation should take place at all layers of security and
on all communications, protocols, methods, queries,
responses and payloads using firewall, application
control, URL filtering, DLP, IPS, anti-virus and anti-
bot security solutions.
