Baseline Magazine, April 2009, Issue 94: Page 19
HERE ARE 10 WAYS TO PROTECT YOUR COMPANY'S DATA.

By Ericka Chickowski

As more organizations realize that using perimeter and anti-virus technologies alone is like locking their doors but leaving their windows open, it's become evident that enterprises must upgrade their security practices in order to prevent huge data breaches like the one announced by Heartland Payment Systems this past January. The consensus among security veterans is that enterprises must take an information-centric risk management approach. The following 10 steps can provide a strong foundation for your organization's information security strategy.

MESHING YOUR COMPANY'S SECURITY AND COMPLIANCE EFFORTS

First and foremost, your enterprise should approach the security problem with a comprehensive risk-management strategy that prioritizes information based on its importance to your organization and on regulatory requirements that necessitate its protection. This prioritization should then inform your company's decisions about where IT security will concentrate its efforts.

"We look at the information across different forms and in the different places that it calls home," says Adam Hansen, director of information security for Sonnenschein Nath & Rosenthal, a national law firm with more than 800 attorneys and 15 offices in the United States and Europe. "So we start looking at how we can protect that information and what level of protection we can afford. If the information is of no value or is valued at less than the cost to secure it, why would we throw money at a problem that doesn't exist?"

Compliance will play a part in this risk prioritization because the risks of noncompliance are very real. However, most security experts agree that you shouldn't make compliance concerns the be-all and end-all driver of security initiatives. Most IT security experts will tell you that compliance does not guarantee that an organization is secure. Nevertheless, if compliance is baked into the strategy without holding too much influence, it can be a great tool for building consensus and support among executives who might otherwise be reluctant to open the purse strings.

"The auditor is one of my best friends," says Brian McConnell, associate vice president of IT risk management for Aegon Canada, part of Aegon, an international provider of life insurance, pensions and investment products that's headquartered in The Hague, the Netherlands. He explains that in one case he was able to score more funds to implement database security due to an auditor's recommendations to the company's executives.

Governance, risk and compliance (GRC) tools can definitely play a big role in ensuring that you have a healthy compliance and risk management program and can point out where your program needs work.

"It falls on management and the IT department to ensure that there are comprehensive security measures in place and that an internal audit will validate the assumptions of the controls," says Josh Golden, director of internal audit for Kulicke & Soffa

ILLUSTRATION BY RANDY LYHUS