Friday, September 18, 2015

Elements of a good security program

Elements of a good security program:
In general, a good security program provides the big picture for keeping data secure. It is a holistic approach in which every part of the company stays involved in the program. It is not an incident handling guide for what happens when a security breach is detected. It is also not a guide to doing periodic checks, though it probably does dictate when to do a security assessment.
It defines what types of data are in scope and which are not, it evaluates the risks the company faces and the plan to reduce them, and it states how often the program will be re-evaluated and updated and when compliance with the program will be assessed.
Designated security officer:
        For most security regulations and standards, having a Designated Security Officer (DSO) is not optional — it’s a requirement. Your security officer is the one responsible for coordinating and executing your security program. The officer is your internal check and balance. This person or role should report to someone outside of the IT organization to maintain independence.
Risk assessment:
This component identifies and assesses the risks that your security program intends to manage. It is perhaps the most important section, because it makes you think about the risks your organization faces so that you can decide on appropriate, cost-effective ways to manage them. Remember that risk can only be minimized, not eliminated, so this assessment helps you prioritize risks and choose cost-effective countermeasures. The risks covered in your assessment might include one or more of the following:

· Physical loss of data. You may lose immediate access to your data for reasons ranging from floods to loss of electric power. You may also lose access to your data for more subtle reasons: a second disk failure, for example, while your RAID array recovers from the first.
· Unauthorized access to your own data and client or customer data. Remember, if you hold confidential information from clients or customers, you are often contractually obliged to protect that data as if it were your own.
· Interception of data in transit. Risks include data transmitted between company sites, or between the company and employees, partners, and contractors at home or other locations.
· Your data in someone else’s hands. Do you share your data with third parties, including contractors, partners, or your sales channel? What protects your data while it is in their hands?
· Data corruption. Intentional corruption might modify data so that it favors an external party: think Trojan horses or keystroke loggers on PCs. Unintentional corruption might be due to a software error that overwrites valid data.
