Ten Rules of Information Security

Dear Readers,

Since our new StarterKit on the IT business has already come out on the website, we are glad to share with you a post about golden rules for future or already successful CEOs of an IT company.

We hope you find it useful; employ the tips below to build extensive and up-to-date security solutions!


PenTest Magazine Team!

1. Focus on information security as a whole: every program should begin with a control framework, such as a set of essential information security controls. This gives you a clear view of what you are protecting and why you are protecting it.

2. Study your competitors: every business or organization has competitors. Identify all of yours, study how they are managed, understand their capabilities, and know their strengths and weak points. Understand the attack vectors they regularly use against similar organizations, as well as the defenses that others have used successfully against them; this helps you counter their strengths and capitalize on their weak points, giving you an edge over your competitors.

3. Detect and manage risk: risk cannot be buried, but it can be reduced and managed. Identify the risks in your business and mitigate them as soon as possible, giving priority to the specific risks and operations that need it. Adapt your own risk model as the threat changes so that you can do more with the same resources. You cannot eliminate risk entirely, but you can reduce and manage it.

4. Apply defense-in-depth measures: this tenet addresses adversaries and insider threats, including human and social error. Ensure quality controls are in place to protect data from disclosure or modification. Maintain an inventory of applications, databases and related systems, mapped to the sensitive data and intellectual property they hold. For highly sensitive intellectual property or confidential information, consider strict controls.

5. Align with business products, services and objectives: this is necessary to accomplish the goals of information security and to stay relevant within the company. Expand beyond merely protecting what is mandated, such as credit card and social security numbers. Learn how the business functions, including how revenue is generated. Align recommendations for security initiatives with threats to strategic business objectives. Protect the intellectual property of the company. Understand the risk to strategic objectives and how it is quantified, monitored and mitigated. Consider embedding risk and security professionals within lines of business.

6. Your strength is a function of your weakest link: You can build the tallest, smartest, strongest wall possible around your compound, but it is useless if you don’t lock the gate. Always remember to secure every aspect of your business.

7. People are your solution: realize that people are your biggest asset. Beyond fulfilling the important role of generating income, they are your most effective and intelligent early warning system. Any security process you design should have your people at its heart and should focus on training them so that they add to your organization’s security.

April 4, 2014

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013