Image : http://www.flickr.com
The creation of a security program should be based on risk. If security is addressed as a theoretical exercise, it is often a sentence to defeat itself. I have seen both in an academic environment in which to teach the concepts of security as "absolute" and to teach in a professional environment, if the absolute position lead to conflict, resentment and backlash. A risk-based approach to safety is a practical approach to security. But we must first examine two fundamental questions: What isRisk and a danger to what? The answers vary from company to company and every organization has to go through the process of identifying yourself, go for the answers. Without these organizations tend to look at best practices and follow them, regardless of its necessity.
Risk is a probability in continuous evolution that is used a vulnerability, weakness or lack of control of security from a threat agent (hacker, careless employees, natural disasters, etc.), leading to negativeConsequences of a society. In short, the probability that something bad will happen. It is always a certain risk, however, a robust security program must be able to reduce it to an acceptable level for the management of the organization. , Is called risk management. "I recently had a consultation with a small business account that was ready to lose his" And the man. "Covers everything from the technical configuration of Outlook on your desktop to run the company server, host --mission-critical applications, and was co-located "somewhere". Visited the server several times a month, and apparently no one knew why he went and what he did there. There is no evidence of any kind, wanted to leave in less than a week, and were trying to find a replacement. They saw, as in this example, are employed by individual par for the course of small businesses like this, but this leads to considerable risks, particularly if the person is unhappy andleave. My advice before them was to document that (as best he could) know what is not on a daily basis and why. Hopefully he learned a lesson here would be his replacement for the same routine.
Regarding the topic of this risk, we must refer to the three most important principles of security: confidentiality, integrity and availability. A security program must be independent of company size, to protect against the risk of unauthorized disclosure and modification of aOrganization and data to ensure that data and resources are available if needed. Risk management should also include information, personnel, processes and materials and techniques. The effectiveness of a security program that depends on how you deal and reduces the risk of an organization faces. But first we must recognize the risks.
Know what are the risks facing your company?
0 comments:
Post a Comment