Make Security Review a Matter of Policy

News that the hacking group LulzSec says it's finished with its "data dump" site cracking campaign was immediately meet with warnings from all quarters that another group of cyber criminals will most certainly take its place - and soon.


No matter what security measures you put in place, someone will almost immediately try to crack it. Sometimes it may be for mischief - even pretty high-profile mischief, as with the LulzSec group - and sometimes it's to steal your valuable data and customers' private information. No matter what security measures you have implemented, you have to be ever-vigilant to ensure they are working.


The Security Assessment Policy template, from our partners at Info~Tech Research Group, helps your company codify its focus on security by setting schedules for both:


  • Security Assessments, where your team validates that systems in place are operating, and
  • Vulnerability Assessments, in which your team actually tries to punch holes in your security solutions, even if they are working to spec.


Areas of your infrastructure that should be subject to security review are:


  • Mainframes, servers and other devices that provide centralized computing capabilities.
  • SAN, NAS and other devices that provide centralized storage capabilities.
  • Desktops, laptops and other devices that provide distributed computing capabilities.
  • Routers, switches and other devices that provide network capabilities.
  • Firewalls, IDP sensors and other devices that provide dedicated security capabilities.


The modifiable Word template suggests running security assessments at least annually and vulnerability assessments quarterly. The policy also suggests hiring third parties to regularly validate the diligence efforts of your internal staff, and spells out employee disciplinary measures for lax security - it is a policy template, after all.


The IT Downloads Library includes several helpful tools for evaluating your business' security culture. Be sure to check out these other resources.


The Fundamentals of Small Business Information Security, a 20-page publication from the National Institute of Standards and Technology, gives a complete overview of the importance of security from a data-centric perspective. Be sure to check out the appendixes, which offer tables to help you rate the value of your data and the possible impact on your business of data breaches, as you can see in the image below.


The Security of Information Technology Resources Policy from Indiana University is a good starting point for organizations looking to adopt a more formal approach to security. The policy spells out several protocols, including how to report security incidents up to senior management.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.