Think for a moment about the possibility of your organization’s infrastructure being compromised by hackers.
- How valuable would information about your infrastructure be?
- Do you really know how much sensitive information is publicly accessible or easily obtainable with a little creativity?
- How can you stop hacker theft of this information?
Today, cyber-attacks have increased in frequency and sophistication. Data breaches are getting bigger, more continuous and more expensive. As the recent data breach at Target highlights, management of an information security program is an essential business function for all organizations. Security experts around the globe concur that a well-planned and sound information security program not only helps diminish the likelihood of data breaches but also affords a better response if a breach does occur.
Among the biggest barriers to developing a security strategy are the various security standards and frameworks in the security space. It’s difficult to choose, parse, and customize best practices for a specific context.
Reinforce your organization’s security
Trends such as advanced persistent threats (APTs) have made attacks more sophisticated and more challenging to identify than ever before. Technologies such as Bring-Your-Own-Device and cloud security, which are experiencing rapid adoption rates, add a layer of intricacy to the security environment.
Build from the bottom up
Outline your organization’s security obligations, scope, risk position and complexity of your environment first. A critical step for any security team is to develop a holistic view of the organization’s overall security needs before obtaining technology solutions. Ensure that your organization is building a comprehensive security program that covers it from top to bottom.
Take into account people, processes, and technologies
A comprehensive security program includes both governance and management activities that use people, processes and technologies to prevent, detect, respond to, and recover from incidents. Ongoing monitoring and performance measurement are also crucial elements.
Assess the Current State
Recognize your organization’s security requirements, scope and boundaries as an important first step to developing a security strategy. Security requirements can be divided into three areas:
1. Business requirements – Security’s commitment to the business.
2. Compliance requirements – Legal, regulatory or contractual obligations that security must meet.
3. Client requirements – Security commitments that the client expects the organization to uphold.
Your organization’s scope and boundaries are limited by physical presence, the IT systems in place as well as its data and specifics. Penetration rates can enable the organization to understand how vulnerable its systems and processes are.
Establish the Target State
Establish and analyze your organization’s security risk profile, and then work to identify the security future state based on this analysis.
Know where the business is headed to guide the security management in the same direction. Establish and analyze the security risk profile. Take into account the following criteria, and then conduct a gap analysis to understand how to get to your organization’s target state.
- Industry profile;
- Security requirements;
- Risk tolerance;
- Number of employees;
- Number of physical locations; and
- Complexity of technology environment.
Determine Your Organizational Readiness
Evaluate and act on the organization’s readiness to implement a security strategy and enhance the chance of implementation success:
- Resource readiness – financial and human capital readiness
- Skills and capabilities readiness – identify any skill or capability restraints
- Motivational readiness – commitment to change
- Culture readiness – organizational acceptance for change
Plan for the Transition
Develop a security roadmap to plan for the transition – using metrics. Without them, your organization’s team will be unable to measure – and communicate – the difference.
Implement a Security Roadmap
The security roadmap will include the IT security governance and policies required to ensure that security is built in as the organization plans, designs, deploys and manages its IT infrastructure and applications.
Litcom Approach
Litcom will help your organization develop an information security program that is effective, suited to your organization’s culture, and cost-effective. We offer professional consulting services for organizations to select, plan, and implement information security products and solutions in areas such as Security Information and Event Management (SIEM) technologies, Intrusion Detection and Intrusion Prevention Systems (IDPS), Identity and Access Management (IAM) solutions, and Security Architecture and Design. We help our clients progress through the various selection stages, from requirement definition, to development of Requests for Proposals (RFPs), to vendor evaluation and contract negotiation, and to project management and implementation. For more information, please contact us at: [email protected].
