Key Components of Information Security
The following components, compiled by the Florida Department of Management Services, are practices that could help your company on the road to better information security.
“Although you cannot make it completely immune to attacks, there are ways to improve the overall security of your system to make it less vulnerable.”
CERT Coordination Center, Carnegie Mellon University
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.
Good security has to start from the top, with executives who help create a corporate culture that values security.
Security is a complex job, so make sure someone is in charge of coordinating security efforts.
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.
Make security awareness an ongoing project. Employees need to understand why their role is so critical.
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.