Best practice security controls for IT
One of the most common problems a CIO or VP of Information Technology faces is understanding which security products are actually effective. The cost of evaluating a new security technology can be very high, and an IT manager often has to decide to implement a particular type of product (for example, two-factor authentication) before she knows whether the product will be effective.
If you’re an IT executive you are probably familiar with this predicament:
- You need to provide your CEO with financial justifications in euro terms, not as "high" or "low" risk ratings.
- You need security controls that don’t disrupt the business.
We recommend a 7-step process, using the free Practical Threat Analysis (PTA) risk assessment software, that will help you generate the financial justification in dollar or euro terms before evaluation and implementation:
- Step 1 – Assess your assets and assign a value to each
- Step 2 – Assess and mitigate threats, for example:
  - Data leakage
  - Data abuse by trusted insiders
  - Network abuse by trusted insiders
- Step 3 – Assess your vulnerabilities
- Step 4 – Identify cost-effective security controls
- Step 5 – Build the financial justification for the CEO. The output of the practical threat analysis process is a financial justification for an effective risk mitigation plan: the plan includes the most cost-effective countermeasures, those that reduce the risk level to a minimum at a given capital and variable cost.
- Step 6 – Approve the implementation plan
- Step 7 – Implement the countermeasures
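To make the steps above concrete, here is an added worked example of the kind of calculation Steps 1 through 5 produce. It is illustrative code written for this page, not the PTA tool's own model or output: the assets, threat probabilities, damage fractions, countermeasure costs and mitigation factors are all constructed, and the selection rule (brute-force search for the control set that minimises residual annual loss within a budget) is an assumption chosen for clarity rather than a description of how PTA ranks countermeasures.

```python
"""Illustrative asset / threat / countermeasure model for a risk-mitigation
justification (hypothetical example, not the PTA tool's model or data)."""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # Step 1: asset value in euro


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # name of the asset this threat damages
    probability: float      # Step 2: estimated annual probability of occurrence (0..1)
    damage: float           # fraction of the asset value lost if the threat is realised (0..1)


@dataclass
class Countermeasure:
    name: str
    annual_cost: float                  # Step 4: amortised capital + variable cost per year
    mitigation: Dict[str, float]        # threat name -> fraction of that threat's loss removed


def annual_loss_expectancy(assets: Dict[str, Asset], threat: Threat) -> float:
    """Expected annual loss from one threat before any countermeasures."""
    return assets[threat.asset].value * threat.probability * threat.damage


def residual_risk(assets: Dict[str, Asset], threats: Iterable[Threat],
                  controls: Iterable[Countermeasure]) -> float:
    """Total expected annual loss after applying a set of countermeasures.

    Mitigations of several controls against the same threat are assumed to be
    independent, so the remaining fraction is the product of (1 - mitigation)."""
    controls = list(controls)
    total = 0.0
    for threat in threats:
        remaining = 1.0
        for control in controls:
            remaining *= 1.0 - control.mitigation.get(threat.name, 0.0)
        total += annual_loss_expectancy(assets, threat) * remaining
    return total


def select_controls(assets: Dict[str, Asset], threats: List[Threat],
                    candidates: List[Countermeasure], budget: float) -> Tuple[Countermeasure, ...]:
    """Step 4: pick the subset of candidate controls that minimises residual
    risk without exceeding the annual budget (brute force; fine for a short list)."""
    best: Tuple[Countermeasure, ...] = ()
    best_risk = residual_risk(assets, threats, ())
    best_cost = 0.0
    for size in range(1, len(candidates) + 1):
        for combo in combinations(candidates, size):
            cost = sum(c.annual_cost for c in combo)
            if cost > budget:
                continue
            risk = residual_risk(assets, threats, combo)
            if risk < best_risk or (risk == best_risk and cost < best_cost):
                best, best_risk, best_cost = combo, risk, cost
    return best


def build_justification(assets: Dict[str, Asset], threats: List[Threat],
                        candidates: List[Countermeasure], budget: float) -> dict:
    """Step 5: the numbers a CEO asks for, in euro rather than 'high/low' risk."""
    chosen = select_controls(assets, threats, candidates, budget)
    baseline = residual_risk(assets, threats, ())
    residual = residual_risk(assets, threats, chosen)
    cost = sum(c.annual_cost for c in chosen)
    net_benefit = baseline - residual - cost
    return {
        "controls": sorted(c.name for c in chosen),
        "baseline_risk": baseline,          # expected annual loss with no new controls
        "residual_risk": residual,          # expected annual loss with the chosen controls
        "control_cost": cost,               # annual cost of the chosen controls
        "net_benefit": net_benefit,         # risk reduction minus control cost
        "rosi": net_benefit / cost if cost else 0.0,  # return on security investment
    }


# Constructed sample data (hypothetical figures, not measurements).
ASSETS = {a.name: a for a in [Asset("customer_db", 2_000_000), Asset("corporate_network", 500_000)]}
THREATS = [
    Threat("data_leakage", "customer_db", probability=0.2, damage=0.5),
    Threat("insider_data_abuse", "customer_db", probability=0.1, damage=0.3),
    Threat("insider_network_abuse", "corporate_network", probability=0.3, damage=0.2),
]
CANDIDATE_CONTROLS = [
    Countermeasure("dlp", 40_000, {"data_leakage": 0.6, "insider_data_abuse": 0.4}),
    Countermeasure("two_factor_auth", 15_000, {"insider_data_abuse": 0.5, "insider_network_abuse": 0.5}),
    Countermeasure("netflow_monitoring", 20_000, {"insider_network_abuse": 0.7}),
    Countermeasure("full_disk_encryption", 30_000, {"data_leakage": 0.3}),
]
BUDGET = 60_000


def example_justification() -> dict:
    """Run the whole procedure on the constructed data above."""
    return build_justification(ASSETS, THREATS, CANDIDATE_CONTROLS, BUDGET)


if __name__ == "__main__":
    for key, value in example_justification().items():
        print(f"{key}: {value}")
```

With these constructed figures the baseline expected annual loss is 290,000 euro; within a 60,000 euro budget the search picks DLP plus two-factor authentication (55,000 euro per year), leaving a residual loss of 113,000 euro and a net benefit of 122,000 euro per year, which is the shape of argument Step 5 puts in front of the CEO. The independence assumption in `residual_risk` is the main simplification: overlapping controls in practice rarely compound that cleanly, so a real assessment would revisit those factors per threat.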