Strategic Information Security
Inside:
- Information security resolutions for the new year
- CISSP Training Program
- What we do
Monthly Archives: January 2012
Start the year off right
A Business New Year’s Resolution
It’s the time of year for New Year’s resolutions. Certainly, we all have areas in which we want to improve. How about areas of your business? One area of business where there is often plenty of room for improvement is information security. When managed effectively, information security can be a tremendous value to any organization.
So, why not make a business New Year’s resolution for information security improvement and stick to it?
Information Security Improvement
It doesn’t matter if you’re a large enterprise with millions of dollars in your information security budget, or if you’re a two-employee company with no budget; there is always room for improvement. What are some areas where you should improve your information security this year?
Some areas of improvement to consider:
- Policies – Policies provide the rules and boundaries to your information security efforts, and are critical to success. Don’t assume that everyone knows what they should do to protect your critical information, state it plainly in policy.
- Training & Awareness – Technology isn’t the most significant risk to your information, its people. The people you trust the most are the very same people who can do the most damage; often times accidentally.
- Assessment – Take the time to understand what your risks are before spending thousands of dollars to remediate them. Approaching risks blindly is ineffective and costly. How well do you build something without first determining what you will build, where and with what?
- Mobile Device Management – The past few years have brought an explosion in mobile device usage, and the amount of information leaving the office in employee pockets might scare you. Understand this risk, and do something about it.
- Incident Management – You’ve heard the old saying “it’s not a matter of if, but when”. Be prepared for an information security incident. A poor response can cost more the original incident itself.
Take a look at your organization and come up with a list of four or five information security improvements that fit you best.
Stick to It
Once you have identified some areas of information security that you should (will) improve upon in 2012, resolve to stick to it!
According to statistics, only 20% of people who set out with a New Year’s resolution actually stick to it. Don’t let information security fall victim to these same statistics. Turn your New Year’s resolution into yearlong results by implementing these simple principles:
- Commit – Just like anything worthwhile, information security requires a commitment and it requires a commitment from the top. Company executives must be familiar with their roles and responsibilities in respect to information security, and set the standards.
- Document – Documentation provides direction, reference, and proof. Direction for everyone to get on the same page, reference for measurement and enforcement, and proof of due care and due diligence. For some; if it’s not documented, it doesn’t exist.
- Measure – Measure how well you are doing in what you set out to do. If you wanted to lose weight, wouldn’t you check the scale every once in a while?
- Review – As your organization changes, so should your efforts to protect the information your organization relies on. Things that are not regularly reviewed and updated and bound to die and fail.
So, look around and be honest with yourself. Do you have areas of information security that need to improve? Make 2012 a year that you resolve to do just that!
Evan Francen is the president of FRSecure, a full-service information security consulting firm. FRSecure has helped hundreds of organizations by providing cost-effective strategies and solutions to secure today’s challenging business environment. For more information about FRSecure or FRSecure’s services, visit www.frsecure.com.