Monday, June 8, 2015

Security is a State of Mind much more than Product Selection

Information security is a systematic approach to protecting the assets of an entity - business or private.

I am deluged daily with offers of some new whiz-bang security product or service.  They offer to be "the complete and secure" tool for implementing information security.  If this is your approach to security, you need help.

First, security requires a thoughtful and well-conceived approach which doesn't interfere with the performance of the business or person but does include the procedures, policies and tools needed in a complete system.  Don't misunderstand me: there are some great tools available, but they need to be selected, implemented and monitored properly to offer the protection needed.

We need to understand that security is like many other aspects of IT - there are definite cost-benefit trade-offs we need to evaluate.  Having secure data may or may not be important to you.  If it is important, you will want effective and usable processes with reasonable costs based on the potential cost of lost or misplaced data.

First, determine what kinds of information need to be protected from disclosure.  Consider scenarios such as these:

  • What are the potential costs of a key executive's laptop computer being stolen?
  • What happens if a Sales Manager quits and has the current customer lists on his or her laptop?
  • What kind of information about upcoming products or marketing plans would be valuable to a competitor?
( More in progress ).