Risk management concerns proactively identifying, assessing, and mitigating potential financial, legal, and security risks to your organization. All security programs are essentially about managing risk to ensure protection of data and assets against intrusion, leaks, and loss. While you can’t prepare for every possible risk, you should be able to identify many of them, such […]
Incident response concerns your ability to respond to a data breach, cyberattack, or other threat to your data, systems, and reputation. It also includes the way that you will attempt to mitigate the consequences of the attack, breach, or other potentially disastrous incident. A good incident response plan needs to be in place before an […]
Asset management is vital to your organization’s security posture. A good asset management policy will allow you to immediately know who has keys, laptops, mobile devices, or other physical assets, and it will help you regain such assets when people leave your organization. Additionally, in the world of remote access and working from home, a […]
Physical security concerns the protection of personnel, hardware, software, networks, and data from real-world threats, actions, and events such as fires, floods,and natural disasters, as well as burglary, vandalism, and terrorism. Physical security defenses should be deep and layered, and should outline measures such as clean desk policies, laptop timeouts, and locked filing cabinets to […]
Business continuity concerns your ability to keep your business running in the event of a disaster, malicious attack on your systems, or breach of your security. A strong security posture will help you keep your business up and running if this occurs. With business continuity planning, your security systems have redundancies and backups, so that […]
System security concerns the security steps you take to ensure your servers and resources are safe from downtime, interference, or potential malicious intrusion. More specifically, NIST defines it as “the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to […]
Application security (AppSec) concerns the security measures built into applications. The aim is to prevent data or code being stolen or hijacked within the app. Ideally, application security will be built in during software development, and will be strengthened continuously after application deployment. A good application security posture will leverage hardware security, software security, and […]
Network security concerns the protection of your computer network and its data. Your network includes interconnected devices like laptops, servers, and wifi routers. To help you protect them all against potential attackers, you should use a mix of software and hardware tools. Protecting your network is important in order to prevent hacking or security breaches […]
Data classification is the process of segmenting data into tiers with different levels of protection to ensure privacy is maintained. Tier 1 contains sensitive data, such as protected health information, educational records, cardholder data, and other similar data. Tier 2 contains company confidential data, such as financial records, employee phone numbers and home addresses, personnel […]
Identity and access management (IAM) ensures that only those with the correct digital identification are able to access systems and data. With IAM policies and procedures in place, your IT managers can precisely control which users are able to access which data, either with role based permissions, or down to the user level. The overall […]
