Here are some of the key components of good security policy.
1.Identify your risks.
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.
2.Get the CEO involved.
Good security has to start from the top, with executives who help create a corporate culture that values security.
3.Put someone in charge.
Security is a complex job, so make sure someone is in charge of coordinating security efforts.
4.Develop and implement a security policy.
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.
5.Educate employees and raise awareness.
Make security awareness an ongoing project. Employees need to understand why their role is so critical.
6.Have a security audit done.
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.
7.Incorporate physical security into the plan.
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.
8.Remember internal threats.
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.
9.Stay tuned in.
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.
10.Prepare for the worst.
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.
No comments:
Post a Comment