Multi-dimensional enterprise-wide security: Simplifying complexity |
 |
| 10 Jan 2006 | Realtimepublishers.com |
|
|
This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.
The beginning of this chapter discussed the many different components and multiple dimensions of addressing information security. Many organizations find themselves trying to fight fires and tackle all the related information security issues without first taking the time to create a thoughtful information security strategy. The strategy needs to simplify the complexity resulting from such highly diverse, dispersed, and dimensional environments.
Organizations must simplify the complexity of information security management by taking the large number of technology, human, and compliance issues and making them understandable to the business. At the same time, organizations must implement solutions to integrate these issues throughout all business processes so that information security is built-in to all products and services from the beginning of a business idea right through until the resulting service or product is no longer offered.
These complexities can be simplified using a common framework of information security disciplines and by getting the support of the information security efforts by the leaders throughout the organization rather than focusing on each individual issue at a time. The first step in simplifying information security complexity is by appointing an enterprise-wide information security officer to oversee and coordinate information security activities and decisions for the entire enterprise. This oversight will not only be the first step in simplifying complexity but also lead to consistency in addressing information security issues throughout the enterprise.
MULTI-DIMENSIONAL ENTERPRISE-WIDE SECURITY
 Introduction
Protection strategies
Risk assessment and analysis methodologies
Define risks
The goal of an information security policy
Due diligence
Corporate reputation
Audit and validation
Simplifying complexity
Divide and conquer
An action plan
ABOUT THE AUTHOR:
|
|
Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.
|
|
|
|
|
|
