The Business-Technology Weave

Aug 25 2010   1:08PM GMT

Security and Insecurity: Finite vs. Infinite – Pt. III



Posted by: David Scott
Tags:
business security
content management
data breach
data security
data theft
IT plans
IT security
security plans
security policy

Awareness, Action and… Imagination

In Pt. II of this series, we ended by saying that we need awareness and action.  We need collaboration with other organizations in mounting a broad front of proactive protection.  We need everyone’s engagement as a stakeholder and owner of the organization’s health and surety:  You don’t want to work in an unsecured environment, do you?  You want business healthy and whole today, tomorrow, next year, and so on… 

Almost any action is preceded by awareness.  But being aware of threats, so as to mount prudent action of protection, still isn’t enough.  Imagination is key.  Prudent imagination.

The Security field continues to mature.  The security-leader and his or her team can  take advantage of best knowledge through review and appropriate sizing of solutions that have been evidenced elsewhere.  This can be achieved by assessing peer solutions.  Also look to partner with other corporate, community, and even law enforcement entities:  stay alert for leverages that drive down cost, and grant sharing of solutions.

When participating with local, national and even global IT/Security entities and resources, be certain to consider new, growing, and evolving threats – and your required level of protection and response.

Watch for evolving expectations regarding privacy, confidentiality, and associated protections vis-à-vis developing threats (the key here is “developing” threats – not manifest ones that have already popped your security bubble).

In your Finite inside world, battling the outside’s Infinite, how do you determine the appropriate investment in mounting efficient, effective, security?  Try comparing your investment to that being spent by peer institutions – and measure against their return.

Be certain your organization engages staff (the joint owners of security) to boost security awareness and responsibility.

As follow-on, use real breach incidents, both internal to the organization and external, to highlight “lessons learned” in mounting prevention of similar events.

Engage staff by asking them to research and teach security seminars within the organization – regularize the schedule.  This helps to keep costs down while creating a real security force within the organization.

Measure your security campaign’s effectiveness through survey. 

Of course, the real test and measure will be your organization’s overall immunity to breach and loss.

————–

August 25th:  On this date in 1922, the Cubs beat the Phillies, 26-23, in the highest scoring major-league game.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: