Yes I am sure you heard the saying: If you fail to plan, Plan to fail
How does one plan for as secure as possible while also meeting business objectives?
Harry Folloder(CIO of Advantage WaypointLLC – 10$Bil in food service sales) has 6 tips in this article:
Being in charge of a large IT department one has to get these things at least marginally in the right direction, so here are the 6 tips:
1. Think about the business process first, not the technology
2. Respect your customers
3. Keep it simple
4. Understand your users
5. Incorporate endpoint backup
6. Have a contingency plan
What I found interesting in these 6 “tips” is no push for security, in fact the undeniable theme is to ensure business is conducted well and efficiently. The only place security is a focus is in the contingency plan #6.
How important should security be? And how should it be presented across the enterprise?
Single sign-on authentication was mentioned, without a mention of the importance of the userid – password confidentiality- of course one should not give the public any details of security policy.
But it is obvious that this company is more interested in business than security.
This is obviously the Security plan of most companies. In fact some companies only push security for compliance reasons, and we all know compliance is not security:
But there does obviously need to be a higher awareness of security in a company, because it is in the interest of the company to have a secure environment. The problem is that users must understand this, and they must realize that all users will be affected with a severe security breach (like at Sony).
The lax environment at Sony was also a help to the hackers which were able to attack many portions of the network once an initial breach occurred.
And as in the image above a security breach can have business affects (which means business and security do affect each other directly and indirectly).
So how would I do this? Of course every company is different, but I would make more emphasis on security, not just the operation of the company. It is important to keep both in mind, as a focus on one will ensure that security is pushed down in priority and thus we “fail to plan”.
Contact Us so we can help you work on Security policies of your company.