jump to navigation

Information Security Programs May 5, 2009

Posted by Nikk in Information Security.
Tags: , , , ,

Somebody asked me today what I would consider the top things to include in an Information Security Program.

The first thing that comes to mind is a well documented, highly visible IT Security policy. I believe that the IT Security policy is the foundation of a good ISMS and helps in recruiting and maintaining the appropriate level of visibility at the executive level. Along with that comes a strong representation of IT security within the business at board level. From a practical standpoint having a good information security policy is followed by having the appropriate technical support in place to ensure that the business can perform its functions. 

Having policies and technical controls in place such as:

·     Consolidated and global:

  • Anti-Virus management
  • Anti-Malware management
  • Desktop patching
  • Server patching
  • IDS/IPS/ Firewall deployment with consolidated logging
  • Secure email, fax and printing
  • Data stream encryption, file encryption/full disk encryption
  • User training, personnel vetting
  • User rights controls, separation of duties controls, and data classification to assist in IP control


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: