Information Security

What is Information Security?
“It is the protection of unauthorized access, use, or modification of confidentiality, integrity and availability of data. Whether it’s electronic, print or in other forms.”

And what does that mean?
That its intention is to protect your business, employees, and customers.

Why is this important?
Because data loss costs money, time, and effort. Per a 2011 report sponsored by Symantec Corp, the average business loses $7.2 million per security incident. This is a 7% increase since 2010. Also, ~85% of all U.S. companies experience one or more breaches per year.
Policy Points

• Human Resources
  • First, we need to protect the company from the inside out. This should start with Human Resources, and it should end there, through the hiring and exiting processes. We need to make sure we know what every employee has access to, and when they should or shouldn’t have access to it.
• Privacy and Confidentiality
  • Privacy for the company, employees, and customers is vital, as this is the main leak of confidential information. Most people don’t realize how much information they tell outsiders; this portion of the policy makes them self-aware and more cautious of what they say.
• Physical and Environmental Security
  • Security isn’t limited to computer use; it also includes property. We have several locations: the Depot, which has inventory, as well as multiple offices. Carefully guarding property helps alleviate previous vulnerabilities.
• Internet Usage, Web Use, and Email
  • This means better control and accountability of employee web use and email use. This is important because these are areas of communication with the outside world. By controlling what types of information leave the company, we effectively protect ourselves.
• Security Software
  • Back to computers themselves. We need to make sure all systems are protected by up-to-date software.
Other Ways To Protect

- Awareness and Training
  Most employees think the IT Department is the only part of a company that will protect it from viruses, hackers, or anyone who wishes to exploit the company, but that isn’t true. Every employee can protect the company, and we need to teach them how. Training is vital. We need training to explain the policy and help empower employees against the latest scams and techniques. Make them aware of this problem, and you’ve closed a big loophole.
- Security Management & Incident Response Team
  These two teams can be made up of employees who already manage security-related items. The Incident Response Team would work off the Incident Response SOP, which is separate and not available to the entire company.
- Exercise
  Would everyone who has a badge please take it off and look at it? Do you see any security risks?