When it comes to network security, you need a plan. As a technology services provider, we’ve been focusing less on specific configurations, and more on policies, procedures and standards. While we continue to implement technical configurations to support these documents, we now begin our security discussions at a much higher level. Once we have a better understanding of business security objectives, then we dig into the details when creating security policies, procedures and standards.
Troy Kutzera, Marco Systems Administrator, said, “The key that we’ve learned over the past few years is that technical controls cannot take you very far when it comes to security without the support of administrative policies and controls.” Technical security configurations lose their effectiveness without the proper policies and procedures for support. Our network security services put into practice the principles identified by FRSecure:
#1: Information Security Must Align with Business Objectives
We know that your primary business objective is not information security. For this reason, your IT security must enable secure business operation AND be cost effective. If these needs aren’t satisfied, there will be frustrations amongst management, employees and possibly customers.
#2: Information Security is Not an IT Issue
IT must align with management in order to be effective across the entire company. Too often, IT issues remain a problem for the IT department to sort out. Rather, management should be integrated into the discussions around IT security because the protection it provides extends far beyond the IT department. FRSecure states, “Information security is the application of administrative, technical and physical controls in an effort to protect information confidentiality, integrity and availability.”
#3: Information Security is Fun
According to FRSecure, when information security is done right, it can be fun – for you and your IT wizards. Securing your information can be productive and provide benefits to your operations, if done right.
#4: People, not Technology, Are the Biggest Risk
Whether intentional or accidental, people create the biggest threats to information security. This is why policies, procedures and standards are so important. These documents don’t do anything to manage the risk of the technology. Rather, they create boundaries and guidelines for the people operating within your firewalls.
#5: “Compliant” and “Secure” are Two Different Things
Being compliant means establishing measures that allow you to conform to rules or guidelines, most often set by legal entities. Security may include compliance, but it isn’t restricted to that alone. In fact, security extends far beyond conformity, by managing the risks surrounding your data.
#6: There is no Common Sense
If all it took was common sense for information security to be effective, all businesses would have a solution that better meets their needs and wants. IT security is too complex for common sense alone; a more comprehensive approach is needed to develop a security solution that is right for your business.
#7: “Secure” is Relative
What is secure for one business may not be secure enough for the next. Our network security services are built on the belief that, just as each business is unique, so is its definition of security.
#8: Information Security Should Drive Profits
Re-emphasizing principle #1, this principle underscores the significance IT security should have for your business. Not only should it be cost-effective and enable productivity, but it should support your business’s success. When developing your security foundation, we’ll consider the security benefits your organization should realize when your policies and procedures are implemented.
#9: Information Security Solutions are Not One-Size-Fits-All
Because each business has unique needs and definitions of security, plus compliance requirements, each solution will be unique. Custom security solutions are the only way to mitigate risks and protect your information.
#10: There is No “Easy Button”
Easy solutions most often sacrifice effectiveness, which is something that you shouldn’t take lightly when it comes to information security. Put forth the effort now to save yourself loss and frustrations in the future.
If you are looking for a solution to assess and address IT threats for your organization, request a Business IT assessment.