Every business is, almost by definition, unique. Each faces its own specific risks, including information security risks.
Nevertheless, we have found 13 common principles at the heart of any enterprise’s information security profile. The order is not necessarily important, but a comprehensive approach is.
Data mapping: A business cannot protect information that it does not know it has. Before undertaking any information security upgrade, the business should confirm its understanding of what types of information it actually gathers, uses and stores; how that information really is used in the company’s operations; where it is stored; and who interacts with it. For example, a well-secured document management system is a good thing, but if users regularly email documents and save them as attachments, or if they copy them to desktops and mobile storage media, the document management system itself no longer provides security. A realistic assessment of actual information practices is the only way to ensure that security measures meet the real world.
Network security: Formal network security requires having the proper technology in place to secure the internal network from unwanted intrusions. Examples are multi-layered firewalls, intrusion detection systems and intrusion prevention systems.
from cyber security caucus http://ift.tt/2b2lxWW