
Jun 18
Echoing an article I wrote for www.ecsuite.com

To what extent are you prepared to protect your investment from the myriad of vulnerabilities today’s businesses have to deal with? Understanding how the security puzzle is structured is the first step to knowing how to apply a holistic approach. Given that the implementation of this approach does take time, not addressing any one part is guaranteed to have a negative effect on the overall running of your business.

Deciding where and how to start implementing security measures in your company can be a daunting task. Whether you are starting up a new business or already have a number of security controls in place, complying with standards does not necessarily mean your assets are covered. This puts your company in a critical position: it has to work actively toward protecting its investments. Ad hoc implementations of security controls will spiral out of control, often leaving you in a more vulnerable position than when you started. Thinking about what a business stands to lose has never been more important.

Taking a divide and conquer approach allows us to categorize security on three levels, namely the logical, physical and organizational levels. Combined with the right controls and management, enterprise security begins to take shape.

The aim is to achieve a state where security and usability complement each other, while ensuring that due diligence is observed. Adding too many security controls will cripple usability, and not looking at all angles will most likely result in a false sense of security.

Most of the work happens at the logical level as we ensure that data is transmitted, stored and accessed securely throughout an enterprise.

The tools needed to accomplish this range from endpoint security software to establishing and using standard encryption techniques. Storing your data in a safe place is equally important, as is ensuring that it is guarded by strong authentication mechanisms such as smartcards. Moreover, there are also preventive measures that address perimeter security and server security, both of which contribute to compliance with standards such as the PCI DSS.

From a physical security standpoint, controlling access to secured areas helps prevent physical damage. However, this alone is certainly not enough to protect your assets. Creating restricted areas and controlling access to them, although necessary, merely guards against sabotage attempts, which can indeed have a devastating effect on the ability to operate the business.

On an organizational level, education and security awareness are key. People are often the weak link in security, but they are also the greatest asset a security department has. The creation of policies helps in this area, but if they are left outdated they become seemingly useless and go unobserved.

On the other hand, enforcing policies coupled with the right education and awareness works wonders on all fronts, no matter at what level your staff might be.

“Security is not about being killed by an alligator. Usually, it is about being eaten to death by a thousand chickens”

History shows that failure rarely comes in the form of one single catastrophe. Rather, we fall as the result of many small mistakes, ignored advice, or lessons we have failed to take notice of.

The rules of engagement are simple. In order to reduce the amount of risk your company is exposed to, each area must be given the right amount of importance. Essential to a rapid response to any crisis is the ability to recognize when it is building up and to nip it in the bud. In doing so, security becomes a process rather than a goal.

Original link

Posted by Donald Tabone
