IT security managers must establish an appropriate information and Internet security policy and an auditing process. Security in their company must be seen as an essential part of their business survivability. Also, security processes must be an everyday activity, not something you do once and forget about it, as security itself is such subject that it is changing not even daily but hourly. There are legal authorities whose job is to process complies if something goes wrong and their security forts fail to respond properly, and management must be aware of these bodies.
Security policy must provide written rules that are saying how computer systems should be configured and how organization's employees should conduct business before they use information technology. Policies have to be well controlled, and they will be the baseline for implementation. If we do not have a policy, there will be no plan upon which an organization can design and implement an effective security program. You have to ask yourself about most important security policies, and what is their role in helping achieving business objectives. There are a number of sub policies, which we will not cover here, as this article is about implementing only basic security measures.
Ask yourself - how does your organization identify critical information assets and risks to those assets? What are the potential financial impacts of a successful attack against these assets? Do you have any insurance policies to mitigate and transfer potential losses for your information security risks? Risk management is about conducting an information security risk evaluation that identifies critical information assets (i.e. systems, networks or data), threats to critical assets, assets vulnerabilities and risks. You should identify the adverse impacts when risks to critical assets are realized, and quantity the financial impact to the greatest extent possible. Do have a risk mitigation plan resulting from the evaluation, and ensure there is a regular review and management of the risks to critical information assets.
Security Architecture & Design
You should know the primary components of your organization's security architecture. How does your security architecture help your business exactly? Know what assets to secure the most and know why.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.