Security is a Process
Continuous and embraced by all
Firewalls and anti-virus software are two of the dozens of components which are part of a potentially effective information security policy. But tangible components and software are not security. They help people conduct business in a secure way. They are, then, key tools which are applied to the process of security.
It is a process that must become part of an organization's day-to-day business culture. Or fail.
Effective policy development and information security planning always have two fundamental characteristics:
1. It is driven from the top down. Top management must treat security as important, abide by all of the adopted rules and guidelines and encourage everyone else to do so. Otherwise, the pervasive culture of security that actually drives an effective policy and implementation will not take root and flourish.
2. It is fundamentally about protecting information. Valuable, proprietary information is often lost to careless telephone conversations, missent faxes, documents dropped in the trash whole when they should have been shredded and other commonplace errors and malicious behavior that no firewall or anti-virus software could possibly prevent. However it happens, expose a key password to the wrong person, and if they can get to the right keyboard, what is yours becomes theirs.
As a result, the effectiveness of your security policies depends, first of all, upon the behavior of your organization's staff as they conduct day-to-day business.
The first steps toward developing and implementing an effective policy are (1) identifying assets, (2) identifying threats and (3) calculating risks.
Every viable organization has valuable assets.
You could lose credit card numbers, bank account numbers, materials whose creation required years of human effort, the use of software and computing resources which would be costly to replace, a great deal of expensive staff time and, potentially, the organization's good name and reputation.
Summary
Your organizational security policy is a general statement of the business rules that define the goals and purposes of security within an organization. Implementing such a policy inevitably requires investment in well-selected hardware and software.
Most important, however, are the ongoing leadership and continuous training required to inspire day-to-day attention to good security practices. Thus security, like business itself, is a process.