Advanced
How To Guides
eSecurity
4.0 Now I understand the basic terminology, what do I do next?
A basic five-step approach is outlined below.
4.1 Analyse / Assess:
The following terminology is often used in describing the fundamentals of a good security program:
- Confidentiality - only authorised parties can read the details of transactions on your information systems
- Integrity - unauthorised modifications of transactions will be detected
- Availability - systems are reliable and recoverable
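The integrity property above says that an unauthorised change to a transaction will be detected. The following is an added example, not code from this guide, showing the usual way that is done in practice: a keyed message authentication code (HMAC-SHA256) computed over each stored transaction record. A plain, unkeyed hash is not enough, because anyone who can alter the record can also recompute the hash; the key is what an attacker lacks. The key value and the transaction record are constructed for illustration only.

```python
import hmac
import hashlib
import json

# Constructed example key for illustration only. In a real system load it from a
# secrets store or HSM, never hard-code it, and keep it out of the database that
# holds the records it protects.
SECRET_KEY = b"example-key-for-illustration-only"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so identical content always yields
    identical bytes (sorted keys, no whitespace). Without this, a harmless
    reordering of fields would look like tampering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes = SECRET_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over the canonical form of the record.
    Store the tag alongside the record when it is written."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = SECRET_KEY) -> bool:
    """Recompute the tag and compare in constant time. A False result means the
    record, the tag, or both were altered after signing (or the wrong key is
    in use). compare_digest avoids leaking the match position via timing."""
    expected = sign_record(record, key)
    return hmac.compare_digest(expected, tag)


def demo() -> tuple:
    """Sign a constructed transaction, then show that an untouched record
    verifies while a tampered record and a forged tag do not."""
    txn = {"id": 1042, "payee": "ACME Supplies", "amount": "1250.00", "currency": "GBP"}
    tag = sign_record(txn)

    untouched = verify_record(txn, tag)                      # expected True

    # Attacker changes the amount in the database but cannot recompute the tag
    tampered = dict(txn, amount="12500.00")
    altered = verify_record(tampered, tag)                   # expected False

    # Attacker re-signs the tampered record with a guessed key
    forged_tag = sign_record(tampered, key=b"attacker-guessed-key")
    forged = verify_record(tampered, forged_tag)             # expected False

    return untouched, altered, forged


if __name__ == "__main__":
    print(demo())
```

This detects modification after the fact; it does not prevent it. Pair it with access controls on the record store, and rotate the key if there is any chance it has been exposed, since a leaked key lets an attacker produce valid tags for altered records.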
a. Determine your requirements:
- What do you need to protect?
- What business information requires a high level of confidentiality and integrity?
- What information and systems must be reliable and available?
b. Review the current state of your security program:
- What are you currently doing to ensure the confidentiality, integrity, and availability of your important business information and systems? Are you assuming your Internet service provider is taking care of security?
- What data are you protecting? Employee data, customer data, business data?
- Are your systems password protected?
- Do you have timely backups?
- Do you have restricted access to sensitive data?
c. Determine what your potential losses could be, including the impact to your good name:
- What level of risk are you willing to accept?
d. Determine your cost break-even point based on a realistic assessment of the security threat to your business:
- What would the cost to your business be if suppliers knew what you paid the competition?
- What would happen if your competitor found out the next product line or acquisition plans?