Security road map lock shop (Pt 1)
Wednesday, June 23, 2021
In our previous articles, we looked at the importance of identifying all of an organisation's critical assets to establish a clear understanding and awareness of associated risks.
In the next set of articles, we will look at how we protect crucial assets by employing the LOCK SHOP approach.
Essentially, we will focus on six main areas designed to limit or contain the impact of a potential cybersecurity event. These areas are:
1. Identity management and access control (IAM)
2. Information protection processes and procedures
3. Data security protection (yes, there is a difference)
4. Management of protection technologies
5. Security awareness and training
6. Security maintenance activities
Identity management and access control
Identity management and access control, sometimes referred to as identity access management (IAM), is how an organisation manages digital identities and user access to information systems. Businesses must ensure that users have the proper access privileges to do their jobs. Companies must implement policies and technologies to monitor access, minimise risks, improve compliance, and increase efficiencies across the entire organisation.
Information protection processes and procedures
There must be definitive documentation of the policies that govern what is being protected and how it is protected. This becomes even more important in the digital realm where data, sensitive and otherwise, is very portable. Organisations must ensure that there are documented policies and guidelines as to how all data and information systems are to be treated and what the consequences are for breach of these policies. There must also be yearly reviews of these policies to ensure relevance and compliance.
Data security protection
Data security works in conjunction with the organisation's risk strategy to protect the information's confidentiality, integrity, and availability. As such, organisations must have a clear plan on how information, records, etc, are protected “at rest” and “in transit”. Additionally, management of data life cycle, retention and destruction regimes must be deployed and reviewed regularly.
Our next article will explore management of protection technologies, security awareness and training, and security maintenance activities.
Trevor Forrest is founder and CEO of 876 Technology Solutions. Christopher Reckord is CEO of managed IT services provider tTech Limited. Collectively, they have approximately 80 years of experience helping organisations of varying sizes procure and implement information technology solutions and transform digitally.
