There are five steps to creating a good security plan: assess, plan, execute, monitor and repeat.
- Risk Assessment. Identify key digital assets and information that need to be protected, including hardware, software, documentation and data. Review the threats and risks. Make a prioritized list of items to protect.
- Plan. Create a work plan for preventing, detecting and responding to security threats. Identify who will be responsible for implementing and monitoring the plan. Agree a timetable for implementation.
- Execute. Communicate with staff. Train where necessary. Remediate until all known threats are mitigated.
- Monitor. Continue to monitor for new threats and follow up with prompt remediation. Build a mindset that security is a discipline and build this mindset into your culture. Software tools alone can’t secure your data. Continue to educate end users and those that have access to the data. Update and modify the plan as changes occur in personnel, hardware or software.
- Repeat. Plan for a complete review periodically. Consider assessing quarterly, but no later than six to twelve months after you complete the first plan or when your business goes through significant changes.
Commit to the program and don’t wait until an incident disrupts your business. It isn’t the breach itself that will really cost you; the tarnished image a business suffers following a breach is the most costly part. Statistics show that customers, typically the high-profile ones, will abandon a company or system if they feel uncomfortable with its security.
Here are two good examples:
- Remote Computing Goes Rogue: There’s an App for That! (itexpertvoice.com)
- As Mobile Devices Explode, So Do The Corporate Security Risks (blogs.forbes.com)