10 Tips in 10 Minutes

Multi-dimensional enterprise-wide security: Simplifying complexity

This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.

The beginning of this chapter discussed the many different components and multiple dimensions of addressing information security. Many organizations find themselves trying to fight fires and tackle all the related information security issues without first taking the time to create a thoughtful information security strategy. The strategy needs to simplify the complexity resulting from such highly diverse, dispersed, and dimensional environments.

Organizations must simplify the complexity of information security management by taking the large number of technology, human, and compliance issues and making them understandable to the business. At the same time, organizations must implement solutions to integrate these issues throughout all business processes so that information security is built-in to all products and services from the beginning of a business idea right through until the resulting service or product is no longer offered.

These complexities can be simplified using a common framework of information security disciplines and by getting the support of the information security efforts by the leaders throughout the organization rather than focusing on each individual issue at a time. The first step in simplifying information security complexity is by appointing an enterprise-wide information security officer to oversee and coordinate information security activities and decisions for the entire enterprise. This oversight will not only be the first step in simplifying complexity but also lead to consistency in addressing information security issues throughout the enterprise.


MULTI-DIMENSIONAL ENTERPRISE-WIDE SECURITY

  Introduction
  Protection strategies
  Risk assessment and analysis methodologies
  Define risks
  The goal of an information security policy
  Due diligence
  Corporate reputation
  Audit and validation
  Simplifying complexity
  Divide and conquer
  An action plan

ABOUT THE AUTHOR:
Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: