• Sabyasachi

Security Program


No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals.

Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data, and the value of your business is in its data. You already know this if your company is one of many whose data management is dictated by governmental and other regulations, for example, how you manage customer credit card data. If your data management practices are not already covered by regulations, consider the value of the following:

  • Product information, including designs, plans, patent applications, source code, and drawings.

  • Financial information, including market assessments and your company’s own financial records.

  • Customer information, including confidential information you hold on behalf of customers or clients.

Elements of a good security program

The key components of a good security program are outlined in the following sections.

1. Designated security officer

For most security regulations and standards, having a Designated Security Officer (DSO) is not optional — it’s a requirement.

2. Risk assessment

This component identifies and assesses the risks that your security program intends to manage. The risks that are covered in your assessment might include one or more of the following:

  • Physical loss of data.

  • Unauthorized access to your own data and client or customer data.

  • Interception of data in transit. Risks include data transmitted between company sites, or between the company and employees, partners, and contractors at home or other locations.

  • Your data in someone else’s hands. Do you share your data with third parties, including contractors, partners, or your sales channel? What protects your data while it is in their hands?

  • Data corruption.

3. Policies and procedures

The risk assessment identifies the risks; the policies and procedures component is the place where you get to decide what to do about them.

4. Organizational security awareness

The security community generally agrees that the weakest link in most organizations’ security is the human factor, not technology. And even though it is the weakest link, it is often overlooked in security programs. Don’t overlook it in yours.

5. Regulatory standards compliance

In addition to complying with your own security program, your company may also need to comply with one or more standards defined by external parties. This component of your security plan defines what those standards are and how you will comply.

