Suppose you started working as a network manager at a medium-sized firm with an Internet presence, and discovered that the previous network manager had done a terrible job of network security. Which four security controls would be your first priority? Why? Please discuss the ideas of your classmates as well.

In such a situation, I believe that the severity of the blunder that has occurred in the presence of the previous manager has to be assessed first by running a full security risk analysis of the computer network. Following are the first four security controls that would be on my priority list.

  1. Assess the virus protection of the computer network.
  2. Check for the disaster mechanism and make it compliant with networking standards.
  3. Check the strength of the user login security policies to prevent against internal threats.
  4. Install a firewall for security against external threats.