Monitor security advisories. Resources include:

• CERT
• CIAC (http://ciac.llnl.gov/)
• COAST

   Make sure the current recommended/security patches are installed. Check the Sunsolve site for the most current recommended patch cluster that applies to your system.

   Regularly check the system for dormant accounts and disable any that have not been used for a specified period (e.g., 3 months).

   Ensure appropriate physical controls: locate the system in a controlled area (locks, limited access); maintain the system at reasonable temperature and humidity conditions; develop and post emergency procedures, including emergency contacts.

   Develop a process and a procedure for backups, including retention policies; store backups in secure area, equivalent to the level of the system being backed up; develop processes and procedures for restoration from backups.

   Develop a set of tests to determine system vulnerability, develop procedures for running tests on a periodic basis, and update tests based on increased threats.

   Develop contingency plans in advance for system compromise and restoration.