
Security Program

  • Sabyasachi
  • Jan 18, 2016
  • 2 min read

No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals.

Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data, and the value of your business is in its data. You already know this if your company is one of the many whose data management is dictated by governmental and other regulations, for example, how you manage customer credit card data. If your data management practices are not already covered by regulations, consider the value of the following:

  • Product information, including designs, plans, patent applications, source code, and drawings.

  • Financial information, including market assessments and your company’s own financial records.

  • Customer information, including confidential information you hold on behalf of customers or clients.

Elements of a good security program

The key components of a good security program are outlined in the following sections.

1. Designated security officer

For most security regulations and standards, having a Designated Security Officer (DSO) is not optional — it’s a requirement.

2. Risk assessment

This component identifies and assesses the risks that your security program intends to manage. The risks that are covered in your assessment might include one or more of the following:

  • Physical loss of data.

  • Unauthorized access to your own data and client or customer data.

  • Interception of data in transit. Risks include data transmitted between company sites, or between the company and employees, partners, and contractors at home or other locations.

  • Your data in someone else’s hands. Do you share your data with third parties, including contractors, partners, or your sales channel? What protects your data while it is in their hands?

  • Data corruption.

3. Policies and Procedures

The policies and procedures component is where you decide what to do about the risks identified in your risk assessment.

4. Organizational security awareness

The security community generally agrees that the weakest link in most organizations’ security is the human factor, not technology. And even though it is the weakest link, it is often overlooked in security programs. Don’t overlook it in yours.

5. Regulatory standards compliance

In addition to complying with your own security program, your company may also need to comply with one or more standards defined by external parties. This component of your security plan defines what those standards are and how you will comply.


 
 
 

© 2020 KiPoint Solutions, S.A. de C.V. - All Rights Reserved.
