Multi-dimensional enterprise-wide security: An action plan

10 Jan 2006 | Realtimepublishers.com

This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.


Dividing and distributing information security responsibilities throughout the entire enterprise can simplify complexity. One way to do so is by implementing the following:

  • Assign overall responsibility for enterprise information security oversight.
  • Establish an information security oversight board consisting of management representatives from each business unit and corporate functional office.
  • Assign responsibilities for each of the governance categories:
    • Education through training and awareness
    • Regulatory and legal requirements
    • Audit and validation
    • Policies, procedures and standards
  • Assign responsibilities to representatives from each corporate and business unit for each of the security dimensions:
    • Connection points
      • Endpoints
      • Internet
      • Wireless
      • Dial-In
    • End users
      • Employees
      • Customers and consumers
      • Business partners
      • Contractors and consultants
    • Processing and storage
      • Mobile devices
      • Transmission channels
      • Mainframes
      • Applications
      • Servers
      • Backup media

    ABOUT THE AUTHOR:
    Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.

