Information Security Tips You May Not Have Considered

A Second Look at the Risk Analysis

Include the administrative and physical components of security - not just the technical aspects - in your risk analysis.

Raise Authority

Put your information security officer (ISO) in a reporting relationship with the necessary authority to carry out the security mission. For example, have the ISO report to both your CIO and CEO.

Improve Documentation

Document other security roles and their responsibilities, such as your information owners. Train personnel in these roles, and hold them accountable.

Worries at Home

Don't forget about users who occasionally work at home with confidential information. Usually we implement secure remote connections. But also be sure their computing device is secure (e.g., encryption-enabled) and not shared with others. Preferably require that it be issued by the organization.

ID Your Users

Clearly identify network/system users who are not your employees, and impose tighter access controls. Put end dates in their user accounts, and require frequent user verification by the user's sponsor to ensure third party terminations and job changes are reflected in your systems.
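One way to check this tip against an account export is sketched below as an added example, not part of the original article. The record fields, the sample accounts and the 90-day verification interval are assumptions; the article only says "frequent".

```python
from datetime import date, timedelta

# Assumption: "frequent" sponsor verification is taken as every 90 days.
MAX_VERIFICATION_AGE = timedelta(days=90)

# Constructed sample inventory (hypothetical field names, not real accounts).
ACCOUNTS = [
    {"user": "jdoe", "employee": True, "enabled": True,
     "end_date": None, "sponsor": None, "last_verified": None},
    {"user": "vendor_a", "employee": False, "enabled": True,
     "end_date": date(2024, 12, 31), "sponsor": "mlee",
     "last_verified": date(2024, 5, 1)},
    {"user": "contractor_b", "employee": False, "enabled": True,
     "end_date": None, "sponsor": "mlee",
     "last_verified": date(2024, 4, 15)},
    {"user": "temp_c", "employee": False, "enabled": True,
     "end_date": date(2024, 3, 31), "sponsor": "rpatel",
     "last_verified": date(2023, 12, 1)},
    {"user": "auditor_d", "employee": False, "enabled": False,
     "end_date": date(2024, 1, 31), "sponsor": None, "last_verified": None},
]

def audit_third_party_accounts(accounts, today):
    """Return {user: [issues]} for enabled non-employee accounts."""
    findings = {}
    for acct in accounts:
        # Employees and already-disabled accounts are out of scope here.
        if acct["employee"] or not acct["enabled"]:
            continue
        issues = []
        if acct["end_date"] is None:
            issues.append("no end date")
        elif acct["end_date"] < today:
            issues.append("end date passed but account still enabled")
        if not acct["sponsor"]:
            issues.append("no sponsor")
        last = acct["last_verified"]
        if last is None or today - last > MAX_VERIFICATION_AGE:
            issues.append("sponsor verification overdue")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_third_party_accounts(ACCOUNTS, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```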

Time to Upgrade

When inheriting legacy systems - e.g., as part of an acquisition - make it a top priority to check basic security settings such as password standards, and promptly bring them up to current standards where needed.

From Kate Borten, president of HIT security consultancy the Marblehead Group, here are some security tips that may not be top of mind when taking a new look at an organization's security posture.

 
