One of the most important and foundational security principles that every business should employ is the development or assessment of a security program. So, what exactly is a security program? It’s a set of documented policies and procedures that your business commits to following, chosen and prioritized according to the security risks your company actually faces.
As discussed in the first blog post, one of the challenges SMBs face when tackling IT security is the fear of the unknown. How can a company that sells widgets allocate time and resources to understanding, choosing, and implementing industry best practices for IT security? How can it assess the risks associated with IT security without fundamental knowledge of the industry?
Luckily, some very smart people have done a lot of the hard work already. Several published frameworks lay out detailed security concepts that act as a road map to securing a company. The National Institute of Standards and Technology (NIST) has developed numerous publications, some high level (such as the Cybersecurity Framework) and some very specific (the SP 800 series), that can be downloaded, absorbed, and leveraged. The International Organization for Standardization (ISO) is another body that has published IT security guidelines, in the ISO/IEC 27000 family of standards. Another resource comes from the Center for Internet Security (CIS) in the form of the CIS top 20 critical security controls. Businesses can use these guidelines to develop and implement IT security policies and procedures that meet industry best practices.
When following these guidelines, it’s important for companies to assess the risks their organizations face in terms of the confidentiality, integrity, and availability of their systems and data. Without this risk-based approach, businesses may implement controls that are not relevant to them, just for the sake of having them, while leaving real exposures unaddressed. Here’s where Rigid Bits can help. This is our bread and butter: we know these frameworks inside and out, and we can advise and guide as necessary.
Part of our coreSecurity package is the development or review of a business’s security program. If your company is immature in the IT security space, we’ll help you identify which IT security controls matter most to your company. If your company already has a security program in place, we’ll assess how you’ve done and provide guidance on how to strengthen it. We map your security program to the CIS top 20 security controls so that gaps are visible and prioritized. A security program is one of the most fundamental security principles, and every business must have one.
Keep an eye out for the next blog post in this series. We’ll be discussing how attackers leverage your weakest link: your employees.
Here are a few links for other resources in this series: