The Control Policy Group

Data security the way you run your business

Best practice security controls for IT

One of the most common problems a CIO or VP of Information Technology faces is understanding which security products are the most effective. The cost of evaluating a new security technology can be very high, and often an IT manager will need to make a decision to implement a particular type of product (for example, two-factor authentication) before she knows whether the products will be effective.

If you’re an IT executive you are probably familiar with this predicament:

  • You need to provide your CEO with financial justifications in Euro, not a rating of high or low risk.
  • You need security controls that don’t disrupt the business.

We recommend employing a 7-step process with the free Practical Threat Analysis (PTA) risk assessment software, which will help you generate a financial justification in dollar/Euro terms before the evaluation and implementation:

  • Step 1 – Assess your assets and valuate them
  • Step 2 – Assess and mitigate threats:
    • Data leakage
    • Data abuse by trusted insiders
    • Network abuse by trusted insiders
  • Step 3 – Assess your vulnerabilities
  • Step 4 – Identify cost-effective security controls
  • Step 5 – Build the financial justification for the CEO. The output of our practical threat analysis process is a financial justification for an effective risk mitigation plan. The plan includes the most cost-effective countermeasures that reduce the risk level to a minimum at a given capital and variable cost.
  • Step 6 – Approve implementation plan
  • Step 7 – Implement the countermeasures