When it comes to security, IT organizations are all too frequently their own worst enemy. One way to find out whether yours is one of them is to take a step back and assess your company’s security portfolio.
Chances are good that if any one of these five warning signs sets off alarm bells, then it’s only a matter of time before something goes seriously wrong with your IT security.
Security is all about cost avoidance. Companies invest in it because they have to. But all the money in the world isn’t going to make a difference if your organization doesn’t have effective security policies in place.
The following five warning signs of a weak security policy come from SunGard Availability Services.
Policies need to be refreshed annually to reflect shifts in compliance and technology (think mobile computing and social media). Are your policies and procedures living documents? Is your IT staff aware of the documents and do they use them on a daily basis?
Is your legal team even aware of your IS program? Legal fees sometimes dwarf the actual cost of the loss and the fix combined, so any IS strategy should include legal participation. Are compliance issues discussed with, and championed by, legal? Does legal update IT as regulations change?
Annual assessments, audits and remediation are great, but a multi-year strategy can help contain costs while meeting compliance requirements (and, oh yeah, protecting assets). How mature is your IT department? Are they fighting fires day-to-day or conducting long-term planning?
If the CSO, CISO, IT Security Manager or IS Steering Committee reports too low in the organization, chances are that strategic choices will be compromised.
Without in-house expertise, it's tough to assess the quality of vendors, people and technology. In all cases there should be someone in IT who brings focus to IT security. That person should also be the primary contact for disaster recovery, incident handling and security questions or concerns from other departments such as legal and human resources.