SECURITY
Healthcare technology solutions are available through the PC Connection, Inc. family of companies. Call today. 1.800.395.8685
Small to Medium Acute or Ambulatory Facilities
www.pcconnection.com/healthcare
Government Owned and Academic Hospitals
www.govconnection.com/healthcare
Large and Acute Care Centers and IDNs
www.moredirect.com/healthcare
©2015 PC Connection, Inc. All rights reserved. PC Connection, GovConnection, and MoreDirect are registered trademarks of PC Connection, Inc. or its subsidiaries. All copyrights and trademarks remain the property of their respective owners. #178640 0615
Top Four Essentials for Your Security Policy
Don’t Expose Your Organization to Unnecessary Risks
WRITTEN BY STEPHEN NARDONE
In an era when security threats morph daily and compliance regulations get more
complex every year, creating a solid and up-to-date security program is crucial.
A good security program must cover your organization end-to-end, line up with
your company’s risk management strategy, and provide all the necessary standards,
guidelines, and policies to enforce the program. It must also be flexible enough to
incorporate ongoing revisions and updates. And it must be enforceable—otherwise,
it’s just an object of employee derision and a waste of time. Below are four critical
attributes of a credible policy.
1. Create an end-to-end policy (don’t just talk about it).
Research shows that business executives and IT managers alike believe the coordination of a security program across
the organization’s entire data network is essential. Nevertheless, many organizations neglect to include their
whole range of data assets when setting a program and developing policies. End-to-end security means protecting
data from its point of origin, through all points of transit, to its resting point in storage. You need to examine these
points for all of your data, whether they lie on your own servers or in a cloud, and set up measures to address any
potential security gaps. Encryption, authentication, authorization, and other means of access control should all be
included in the policies and spelled out for every type of data. Include information about penalties for violations,
such as revocation of credentials and denial of access, so users can see that the program has merit.
2. Coordinate with risk assessment.
Before you finalize your program, go over your organization’s risk assessment documentation to make sure the program
covers all relevant potential hazards identified there, including special risk circumstances and industry-specific compliance
regulations. No two organizations are exactly alike, and while it may be tempting to cut and paste a generic policy
from the internet, as many organizations do, you are doing your own organization a disservice unless you address
your specific risks.
3. Build in a plan for updates and revisions.
Once you have a security program in place, review it regularly to make sure it still meets your needs. The IT department
should keep up with current trends, monitoring news and comparing its own program with competitors’ to make
sure that new threats are addressed. Whenever your organization expands its operations, a review should be done,
both to make sure the current program is up-to-date and to account for any new wrinkles the new business line
may introduce.
4. Make it enforceable.
A security program is useless unless all of its provisions can be enforced. Employees will notice unenforceable
requirements and become frustrated and less trustful of the entire program. You can use a variety of security
compliance tools that formulate policy requirements into a database and monitor compliance across networks, fixing
vulnerabilities as they occur. These systems need to be coordinated with anti-virus software, firewalls, and other
security programs already in place.
About the Author:
Stephen Nardone is Director of Security Solutions and Services at PC Connection, Inc. with over 34 years of experience in both the government side and the commercial side of the security business. Discover more of Nardone’s insights on our official blog, Connected, at www.pcconnection.com/NardoneBlog