7 Steps For Better Information Technology and Systems Security


1) All IT users must be aware of the risks.

If IT users are not aware of the risks, it is unlikely they will do anything to enhance security. The first line of defense is knowledge. The risks are internal and external, and awareness of the potential harm to their organization and to others is of paramount importance. Interconnectivity and interdependency have made organizations vulnerable, so good practices that enhance security can make a real difference.

2) All IT users must be accountable for what they do.

Users are responsible not only for protecting the information and systems of their organization, but also for the interconnected systems.

3) All IT users must understand Incident Response.

Acting in a timely manner to prevent, detect and respond to IT security incidents is important.

Everybody has a role in incident response. Recognizing an attack and quickly alerting the administrators are also very important.

4) All IT users must respect the other users.

The corporate network and the systems are shared, and some actions can harm other users. Ethical behavior is crucial.

5) All IT users must understand the need for a risk assessment.

Risk assessments help to identify problems, threats and vulnerabilities, and to make informed decisions when selecting appropriate controls to mitigate the risks of potential harm to IT systems. Technical and non-technical safeguards may be required, and security is a fundamental element of system design and architecture.

6) All IT users must understand the need for IT Security management.

After a risk assessment, organizations make decisions about the management of risks, and users must assist in every stage of the process. In an always changing environment, a forward-looking approach to the prevention and detection of, and response to, IT threats and vulnerabilities is important.

7) Monitoring and Reassessment are crucial.

Reassessment is necessary because threats and vulnerabilities change, as do the activities of organizations. Modifications to policies, procedures and controls are important as new risks are continuously discovered.

Become a Certified Information Systems Risk and Compliance Professional (CISRCP). Our distance learning and online certification program costs US$ 297.

Instead of just training, you have much more:
1. Training
2. Certification
3. Membership in our Association
4. Monthly newsletter with news, alerts and opportunities
5. Networking and exposure to the best headhunters
 
