As security threats mount and become more complicated, and pressure to combat them becomes more intense, companies will be forced to deal with the issue one way or another.

By being proactive and consistent now, the cost of security, such as massive productivity disruption to deal with security emergencies, and/or unplanned cash outlays, can be minimized or avoided altogether.
Follow these tips to achieve security success in your organization.

First, examine existing security policies and procedures to use what’s relevant and augment strategically where needed. Many security measures can be taken without any additional expense by turning on features in existing programs, and setting policies that enforce safe computing. If appropriate, an outsourced security resource can maximize the value of your existing infrastructure.

Second, develop a plan based on the above-mentioned inventory. To be successful, it must: a) start at the top and be useful and functional at every organizational level (e.g., non-technical executives must be able to understand what is going on to fully support the steps); b) provide overall protection now and a strategy for long-term protection; c) achieve company-wide acceptance and adherence; d) be economically sustainable, including contingency planning for unforeseen budget crises down the road (the greatest plans in the world will fail if incompletely deployed).

Establish protocols to deal with all levels of potential and real problems. First, cement such preventive measures as password protection. Even though most companies have policies for such basic functions as periodic password changing, few offer an automated password update function that forces employees to change it. Enforcement is key to preventing problems.

Audit trails and exception reports will help identify problem causes and sources post-incident; and a corrective plan of action will help prevent recurrence. When corrections are made, security administrators must be able to test them before launch to ensure proper protection.

Finally, monitor/audit regularly. Big picture views of how the entire system is functioning will help identify weaknesses in management and maintenance of a security system. And, it will help you understand where overarching changes need to be made to preserve necessary security levels.

Among the areas to watch closely are firewalls and any other security applications. Make sure to match them up to security policy, convey information in a consistent way to achieve a true apples-to-apples comparison, and issue an alert if/when a violation occurs.

(The above security tips are adapted from Gene Smith’s June 2009 Denver Business Journal column.)

Tags: IT Management, IT Services, Security

This entry was posted on Monday, July 6th, 2009 at 7:38 pm and is filed under IT Management. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.