"It can't happen here" is no excuse
Security experts love metaphors and the seminar several of the editors attended was no exception. The presenters compared computer security to arming for battle and used an ancient text to relate the steps to secure an organization's computer systems. Distilled from six hours of very interesting lecture by very expert security experts, here's the essence of what we learned, in a five-step security plan:
1. Know Your Territory
Describe your business and its risks. Do a risk assessment, then ask what your assets are, who controls them, and where access occurs.
2. Prepare Your Strategy
Formulate your security policy and architecture. Develop architecture that takes into consideration your organization's and industry's regulations; create policies that address potential and actual threats.
3. Choose Your Weapons
Specify the solutions that will help you, including people, processes, and technology.
Create support for your security solutions and figure out how you'll test, monitor, and sustain them. Decide how you'll audit, do maintenance, and achieve business continuity as employees come and go.
Educate your employees. Go beyond telling and make sure those in the trenches realize the importance of security measures so they don't see them as an irritation to be avoided