News that the hacking group LulzSec says it's finished with its "data dump" site cracking campaign was immediately met with warnings from all quarters that another group of cyber criminals will most certainly take its place - and soon.
No matter what security measures you put in place, someone will almost immediately try to crack them. Sometimes it may be for mischief - even pretty high-profile mischief, as with the LulzSec group - and sometimes it's to steal your valuable data and customers' private information. No matter what security measures you have implemented, you have to be ever-vigilant to ensure they are working.
The Security Assessment Policy template, from our partners at Info~Tech Research Group, helps your company codify its focus on security by setting schedules for both:
Areas of your infrastructure that should be subject to security review are:
The modifiable Word template suggests running security assessments at least annually and vulnerability assessments quarterly. The policy also suggests hiring third parties to regularly validate the diligence efforts of your internal staff, and spells out employee disciplinary measures for lax security - it is a policy template, after all.
The IT Downloads Library includes several helpful tools for evaluating your business' security culture. Be sure to check out these other resources.
The Fundamentals of Small Business Information Security, a 20-page publication from the National Institute of Standards and Technology, gives a complete overview of the importance of security from a data-centric perspective. Be sure to check out the appendixes, which offer tables to help you rate the value of your data and the possible impact on your business of data breaches, as you can see in the image below.
The Security of Information Technology Resources Policy from Indiana University is a good starting point for organizations looking to adopt a more formal approach to security. The policy spells out several protocols, including how to report security incidents up to senior management.