The FRSecure Blog

Your Security. Our Passion.

Start the year off right

A Business New Year’s Resolution

It’s the time of year for New Year’s resolutions. Certainly, we all have areas in which we want to improve. How about areas of your business? One area of business where there is often plenty of room for improvement is information security. When managed effectively, information security can be a tremendous value to any organization.

So, why not make a business New Year’s resolution for information security improvement and stick to it?

Information Security Improvement

It doesn’t matter if you’re a large enterprise with millions of dollars in your information security budget, or if you’re a two-employee company with no budget; there is always room for improvement. What are some areas where you should improve your information security this year?

Some areas of improvement to consider:

  • Policies – Policies provide the rules and boundaries for your information security efforts, and are critical to success. Don’t assume that everyone knows what they should do to protect your critical information; state it plainly in policy.
  • Training & Awareness – Technology isn’t the most significant risk to your information; it’s people. The people you trust the most are the very same people who can do the most damage, oftentimes accidentally.
  • Assessment – Take the time to understand what your risks are before spending thousands of dollars to remediate them. Approaching risks blindly is ineffective and costly. How well do you build something without first determining what you will build, where and with what?
  • Mobile Device Management – The past few years have brought an explosion in mobile device usage, and the amount of information leaving the office in employee pockets might scare you. Understand this risk, and do something about it.
  • Incident Management – You’ve heard the old saying “it’s not a matter of if, but when”. Be prepared for an information security incident. A poor response can cost more than the original incident itself.

Take a look at your organization and come up with a list of four or five information security improvements that fit you best.

Stick to It

Once you have identified some areas of information security that you should (will) improve upon in 2012, resolve to stick to it!

According to statistics, only 20% of people who set out with a New Year’s resolution actually stick to it. Don’t let information security fall victim to these same statistics. Turn your New Year’s resolution into yearlong results by implementing these simple principles:

  • Commit – Just like anything worthwhile, information security requires a commitment, and it requires a commitment from the top. Company executives must be familiar with their roles and responsibilities with respect to information security, and set the standards.
  • Document – Documentation provides direction, reference, and proof. Direction for everyone to get on the same page, reference for measurement and enforcement, and proof of due care and due diligence. For some, if it’s not documented, it doesn’t exist.
  • Measure – Measure how well you are doing in what you set out to do. If you wanted to lose weight, wouldn’t you check the scale every once in a while?
  • Review – As your organization changes, so should your efforts to protect the information your organization relies on. Things that are not regularly reviewed and updated are bound to die and fail.

So, look around and be honest with yourself. Do you have areas of information security that need to improve? Make 2012 a year that you resolve to do just that!

Evan Francen is the president of FRSecure, a full-service information security consulting firm. FRSecure has helped hundreds of organizations by providing cost-effective strategies and solutions to secure today’s challenging business environment. For more information about FRSecure or FRSecure’s services, visit www.frsecure.com.


FRSecure Announces Spring CISSP Training Program

CISSP Training Program

Led by Evan Francen, FRSecure President and 20-year information security veteran, our training program is designed not only to help you prepare for the exam, but to give you real-world experience that you can put to use in your organization.

Our last class went 5 for 5 passing the exam on their first try!

If you are contemplating getting your CISSP certification, or if you have information security responsibilities, this class is for you.

Click here for more information or to register.


It’s that time of year

The year is coming to an end, and you know what that means, don’t you?

It’s time for us to revisit 2011 and make our predictions for 2012! In the coming weeks, I’m going to write three articles that will help us close out the year and focus on what’s to come. It’s a tradition now, so we have to do it. ;)

The three articles:

  • Revisiting FRSecure’s 2011 Predictions. Anyone can make predictions, but how many are actually willing to look back and see if they were right? We made our predictions on January 13th, 2011 and we’re going to see if we were even close to getting it right!
  • Last year we provided you with “The top 10 most impactful information security stories of 2010”. This year we’re going to give you our top 10 most impactful information security stories of 2011. Are you wondering if your top 10 will match with ours? Stay tuned to find out!
  • Lastly, we’ll break out our crystal ball and make some predictions for the coming year. 2012 is lining up to be a crazy year!

Be sure to stay with us during this series; it’s sure to be some fun. Subscribe to the FRSecure Blog by Email, or using our RSS feed.

Want to know more about FRSecure? Read about us!

-Evan


But who’s watching IT?

No, really, who’s watching who?

What if I told you that there is a 48% chance that your network was breached by a hacker?

How would you react if I said that there is a 26% chance (1 in 4) that an IT staff member abused their logon privileges and accessed information that they shouldn’t have?

These statistics come from the “2011 Survey of IT Professionals” recently published by Lieberman Software. The survey of more than 300 IT professionals contains some interesting, if not alarming, information.


Healthcare Data Protection, a Sad State

This morning, I finally had some time to sit down and read through the Second Annual Benchmark Study on Patient Privacy & Data Security research report from the Ponemon Institute. The study was conducted to help us understand the current state of information security within the healthcare industry. Overall, it’s a sad story. I’m not an alarmist or the boy who cried wolf, but the results of the study are alarming and people should be shouting for change.


Thoughts on the Cyber Intelligence Sharing and Protection Act of 2011

On Wednesday, the U.S. House intelligence committee chairman Mike Rogers (R-Mich.), and ranking Democrat, C.A. “Dutch” Ruppersberger (Md.), introduced the “Cyber Intelligence Sharing and Protection Act of 2011”. The bill has already gained strong support from the telecommunications industry.

Does this mean you should support it too? It depends. At the very least, you should know what the bill is, and what it could mean to you.

What is the “Cyber Intelligence Sharing and Protection Act of 2011”?

The bill is an amendment to Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.). The bill is meant to foster cooperation and information sharing between the private sector and the government.


The Five W’s of Information Security

Information security can be confusing to some people; OK, maybe most people.  Why is information security confusing?  Maybe it’s because we miss some of the basics.

The basics of information security could be summed up by explaining the “What, Why, Who, When, and Where” of information security.

The Five Ws of Information Security are:

  • What is Information Security?
  • Why do you need Information Security?
  • Who is responsible for Information Security?
  • When is the right time to address Information Security?
  • Where does Information Security apply?

We could also include the sixth W, which is actually an “H” for How. The How is why FRSecure exists.
