LAS VEGAS - Randy Romes offered a list of the top 10 things every CU should have for good security:
1. Strong policies that define what is expected.
2. Defined user access roles and permissions; most users should NOT have administrator rights.
3. Hardened internal systems, including changing default vendor passwords.
4. Encryption for all systems. CUs remember to encrypt laptops and desktops, but do not encrypt e-mail-enabled cell phones.
5. Vulnerability management process that includes patches and regular testing.
6. Well-defined perimeter security layers.
7. Centralized audit logging, analysis and automated alerting capabilities.
8. Defined incident response plan and procedures. ("Think in terms of when, not if," he said.)
9. Validate that everything works as expected through audits and testing.
10. Vendor management: apply the previous nine topics to all business partners.








