At the end of the article, it briefly mentioned how to apply defense in depth against threats and attacks. I find it a good reminder for every one of us.
- Least privilege access – to help ensure that users have the minimum access to do their job
- Decouple security from administration – don’t allow non-security personnel to change security settings
- Fine-grained control over admin access – helps contain the damage if a system is breached
- Shared account management – to eliminate shared passwords and improve accountability
- User activity auditing – track and audit all access to help identify potential attack attempts
- Information protection – control not only access to information, but its use
Very common-sense advice, but how many of us really practice it at all times? :)