10 Tips in 10 Minutes

Multi-dimensional enterprise-wide security: Protection strategies

This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.


There is no magic bullet solution that, in and of itself, will secure all enterprise information assets and systems in compliance with all contractual and legal requirements. Multiple protection strategies must be used to most effectively reduce and manage the risks that exist within today's highly decentralized and widely connected systems.

As a starting point, the strategies can be visualized as a combination of protecting connection points and processing and storage locations as well as educating the people who utilize them. The figure below represents these multi-dimensional topics and examples of the underlying components.

All these components are then working and handling information within the requirements outlined within policies, procedures, and standards, regulatory and legal requirements, education, and under the watch of audit and validation, as the figure below represents.

Each business unit must deal with these clouds of information security considerations. The typical organization will have many business unit information security clouds addressing these issues. Highly diverse multinational organizations will literally have information security considerations clouds covering significant areas of the earth, similar to the situation illustrated in the following figure.

The information components and issues within even the most seemingly simple organization can in actuality be quite complex. In a large organization, it can become almost overwhelming to information security practitioners to secure all these components and address all these issues. It is critical with so many components and issues to consider that organizations simplify the complexity as much as possible to be able to implement a successful information security program and subsequently help avoid dealing with information security incident storms that could result from all these volatile security considerations clouds crashing into each other. The first step in preventing your worldwide information security environment from experiencing destructive information security storms is to perform a risk analysis and assessment.


MULTI-DIMENSIONAL ENTERPRISE-WIDE SECURITY

  Introduction
  Protection strategies
  Risk assessment and analysis methodologies
  Define risks
  The goal of an information security policy
  Due diligence
  Corporate reputation
  Audit and validation
  Simplifying complexity
  Divide and conquer
  An action plan

ABOUT THE AUTHOR:
Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: