Practical Security Management: Getting Back to Basics
At the core of every form of protection is a good solid process, and that goes back to the basics. By understanding the environment, conducting a risk assessment and applying the right controls based on the environment and the risk, organizations can automate systemic controls that will allow them to operate more efficiently and avoid human failure.
In getting back to basics, security executives must revisit the fundamentals and answer the key questions of: Where is my data? Who has access to it? How well do we protect it? Can we move quickly to address things that threaten it?
To answer these questions, security executives need an independent assessment process and consistent way of keeping score to determine progress over time. One best practice is to conduct a gap analysis that focuses on the business drivers that impact the business, industry regulations, and the changing nature of threats that specifically impact the business. |