Make sure your Board, CEO, and CIO are in alignment on business risk and security
Establish your Governance Framework
It is critical to make sure you determine your risk tolerance and have alignment on security policy before starting any Security project. While some businesses have data that makes them prime targets for hackers and need a very high level of security, it is not so obvious what level of security is required for most businesses to be safe. While everyone needs to implement the basics, how many layers of security are necessary for the business to stay safe from attacks? What is the level of risk that the business is willing to tolerate so that management can sleep well at night?
If money were not an issue, businesses would implement more security but how does that security affect the ease of use of the network? Best practices for security often conflict with an executive expecting to get special privileges so that they are exempt from the security controls in place to keep the business safe.
Cover the basics
Before you start implementing additional security, make sure you have covered all the basics.
- Are all of your existing security measures properly configured?
- Are all of them up to date and properly patched?
- Are all devices under maintenance contracts?
- Are you currently enforcing all of the existing security policies and procedures?
Clarify the trade-offs
Next, the business has to be educated and understand the trade-offs of increasing security vs the risk to the business to continue the status quo. Do you have plans to recover in case of an incident? If so, is it adequate or do you need to increase your security posture?
Can you take on a security upgrade all in one step? What steps can you take immediately that will not have a major impact on your user base? What is the risk of not bringing your security up to an adequate level immediately? What is the risk to the company if you phase in the security enhancements?
By asking all of these questions you can align your security with your business requirements and bring your security to a level that lets everyone sleep well at night.
Do you need help making your business safer? Please reach out for a free initial consultation.