Information Security Best Practices
Part I
By Michael Dittmer
A company’s reputation is priceless and, therefore, protecting that reputation deserves high priority. Studies suggest that a long-standing, solid reputation not only gives a company a competitive advantage, but may also lead to greater profitability in the long run because of increased public trust. One way to protect your company’s reputation is to ensure that solid information security practices are implemented, tested and proven to be effective across the organization. A comprehensive information security program and excellent documentation are the two key elements of that effort, and each is discussed below.
Develop an Information Security Program (ISP):
A company’s information security program must consist of much more than just policies and procedures. Think of an information security program as an umbrella with a large set of smaller pieces underneath it. Some of the most important components of a reliable information security program are: designation of an Information Security Officer, including the expectations placed on that individual; policies and procedures; change management controls; separation of duties; security training; incident response; an end user computing acknowledgement; risk assessment; contracts; a business continuity plan; and general documentation. Some of these are discussed in further detail in the section below.
Although the designation of an Information Security Officer is required, it is equally important to establish an Information Technology steering committee that meets regularly and includes members of management from outside the IT Department. In order to run a successful company and use technology as a means of competitive advantage, management and the IT Department must work together to approve and prioritize projects, evaluate the effectiveness of a project or system, and review and enforce the information security program. The policies, the end user computing acknowledgment and the other material in the information security program carry much more weight with employees when they are visibly supported by management outside of the IT Department.
It is never acceptable to develop an information security program and treat it as a “one-time” task that requires little or no further attention. External and internal threats and risks change daily; an information security program that is not reviewed on a regular basis will quickly become obsolete and put your company behind the curve.
Documentation, Documentation, Documentation:
Employees can be the greatest assets a company has. However, you must assume that the employees responsible for implementing and regulating the information security program may be promoted or move on to other opportunities. In these cases, detailed documentation of every aspect of the information security program is essential and greatly reduces the likelihood of a security incident occurring while a replacement is being hired and brought up to speed. They say a picture is worth a thousand words, and in the IT arena a detailed, complete network diagram is worth at least that much. If your company does not currently have an up-to-date network diagram showing all interconnections, interfaces and hardware/software systems, failures in the Information Technology department become likely over time. Policies and procedures are another example of documents that must be revised as economic conditions, compliance regulations and the findings of internal and external auditors change. Current policies and procedures not only set out the expectations and responsibilities of each employee, they also provide a level of liability protection for the company and its assets. You will find that most employees do not object to the guidelines in an end user computing policy; they simply want to understand where their boundaries are, stated in a clear, concise manner. As business processes become more complex and a company grows, both financially and geographically, erring on the side of over-documentation is much safer than believing your company has sufficient documentation when it does not.
While a comprehensive Information Security Program and up-to-date documentation are a great start in protecting a company’s reputation, many times the small things make the largest difference. Since technology tends to shape the way a company does business and competes in its market, it is essential to carefully plan, test and execute any change that could affect your company’s reputation. Looking at the overwhelming number of security incidents that occur around the world each year, it is striking how many could have been avoided had fundamental information security practices been implemented and, more importantly, tested and reviewed regularly. Staying one step ahead of the “bad guys” is always a tough job, but striving toward that goal by educating yourself through the many resources available will reduce the probability that those “bad guys” will be able to tarnish your company’s reputation.

About the Author
Michael Dittmer is the Vice President / IT Manager at American Momentum Bank. American Momentum Bank is a progressive Florida-based bank that strives to offer a deep understanding of our commercial and retail clients’ immediate and long range goals. For more information, please visit www.AmericanMomentumBank.com.