4 Tips for building a security plan

 

Are you considering a security plan for your organization?

Careful planning will prevent gaps that can put you at risk. Here are 4 tips for building a security plan that will not only guard against data breaches and ensure business continuity, but also increase your organization’s ability to adapt in the face of change.

Note: this tool is intended to guide decisions and stimulate focused conversations about risk management. For a complete assessment of your needs, please contact your Bell representative for the latest information on our offerings and sample consultation scenarios.

1. Build a security risk management framework

Security risks are all too often addressed only when an event occurs. Risk management should be a continuous, closed loop.

Start your plan with a clear understanding of the security requirements of your organization, then inventory existing security infrastructure.

As part of your overall risk management framework, you should have plans in place for:

  • Business continuity and disaster recovery
  • IT architecture hardening
  • Achieving compliance

Here are the stages in creating the risk management loop:

  • Assessment: Develop a process that guarantees thoroughness, even as your organization changes. Create a comprehensive assessment tool and put someone in charge of getting the job done.
  • Prioritization: The areas of greatest risk may not be the areas that you are under pressure to address. Make sure that first things come first.
  • Remediation: Plug the gaps to ensure business continuity and security.
  • Cycling: Go back to the assessment stage and repeat the process on a scheduled basis.

2. Classify information assets

While all information assets must be safeguarded, some data has a much lower risk tolerance. Therefore, classifying those information assets is a critical step in any security plan.

The following steps will help you start your own classification:

  • List all information assets, and identify critical information assets
  • Implement a standardized rating scheme across business units to help classify information assets, in both hardcopy and electronic formats, based on injury tests for confidentiality, integrity and availability

3. Implement/tighten identity and access management

Because it touches every part of your business, identity and access management (IAM) is crucial to security.

Here are four important steps that should be included as part of the IAM section of your security plan:

  • Enforce a password policy
  • Enable a hierarchy of access levels
  • Be certain that user access privileges can be disabled instantly
  • Maintain effective control of individuals’ digital identity lifecycles

To make the IAM part of your plan less onerous, you can take the following steps to make life simpler for users and administrators alike:

  • Provide simplified sign-on in order to maximize productive time
  • Delegate security administration to a key team, complete with scheduled duties and protocols
  • Maintain central control

4. Ensure governance and compliance

One of the biggest drivers behind protecting information assets is meeting regulatory obligations. To help ensure compliance, you should:

  • Take a proactive approach to governance of your policies, responsibilities and processes. Create a process-oriented framework with components such as:
    • Control Objectives for Information and Related Technology (CobiT)
    • IT Infrastructure Library (ITIL)
    • International Standards Organization (ISO) 27001
  • As you formulate your security plan, take care to document and build a defensible case for compliance that shows:
    • You have taken the right steps, at the right time, to mitigate risks and comply with applicable regulations such as PIPEDA and Sarbanes-Oxley
    • You have tightened standard security practices in order to mitigate risk and ensure business continuity

Talk to Bell

If you need a hand in formulating or implementing your security plan, Bell can help. We have developed our own comprehensive security roadmap across the enterprise, and we can leverage our experience to create and implement a plan for your organization.

For more information, contact your Bell representative today.