IT POLICIES AND PROCEDURES ARE THE CORNERSTONE TO DATA PROTECTION
You’ve heard it said that data security begins
with good IT policies and procedures. So what does this mean?
A security policy describes the security controls that are in
place within the organization to protect company data. Documented
security and technology “Acceptable Use” policies
are the foundation of your security infrastructure. Without
the appropriate security policies, you leave your organization
open to potential lost revenue, legal issues and possible negative
business impact. Procedures are the step-by-step technical processes
of how a policy will be implemented. These procedures will dictate
the specifics to be used, who will execute the specific steps
of each policy, and how they will be enforced and monitored.
You may have policies in place, but unless they are documented
they may not hold up under legal scrutiny if challenged. It
is a known fact that the first line of defense is the employee
handling sensitive data, so awareness training on the importance
of data security is crucial. In almost every breach notification
in the news, there is a statement from the disclosing company
that better employee data security training will ensue. But
training without IT controls will miss the mark. In order to
ensure fewer data losses, companies also need to spend more
time monitoring IT controls and procedures, understand the need
to identify sensitive business data and who has access to it,
mitigate user errors through policy violations, and update policies
to meet current processes.
Industry analysts have once again identified company insiders
as a leading threat to data security. This is your cue to
enhance preventative measures such as implementing and monitoring
IT controls.