Security Made Simple

They say simplicity is the key to success – but can IT security be made simple? It can, according to consulting firm One eSecurity.

Step 1: Identify critical and exposed assets
Large organisations typically have tens/hundreds of thousands of IT assets (networks, systems, applications, users and data). Any analysis on that massive amount of assets will fail. Identify business critical and/or specially exposed assets and focus on them first.

Step 2: Assess the threats to your assets, your weaknesses and strengths
Internal assessments should be performed regularly, complemented with periodical external ones. Take good practice standards as a reference.

Step 3: Establish your risk appetite
The threats associated to each asset introduce a risk that you will have to manage, either mitigating it through security measures or accepting potential losses.

Step 4: Design and implement protection, detection and reaction measures
Develop short, middle and long term strategies and implementation plans: protection technologies and processes to protect your assets, detection to identify when protection fails, and reaction to respond to incidents and mitigate their impact in a timely manner.

Step 5: Integrate security in everything you do
Security cannot be an afterthought, it must be integrated in every business process from the start. Train key personnel in every IT department so they can proactively provide security advice.

Step 6: And look for help if you need it
There is no silver bullet in IT Security, no 100 percent security, no perfect product that solves all your needs. An appropriate and cost-effective combination of security technologies must be designed to fit your specific environment and needs. If you don’t have in-house expertise to do it, consider looking for external help or even outsourcing IT/security, but remember to put in place appropriate SLAs and keep in-house expertise to evaluate the service.

Don’t lose focus. Keep things simple and you will succeed.