Three Critical Elements to Safeguard Enterprise Data

In the wake of recent enterprise-data security breaches, the Information Technology Association of America (ITAA) has issued a list of 10 practical security steps to avoid future information losses. The 10 steps are part of the critical security triangle of process, people, and technology that ITAA says enterprise data professionals should focus on to establish a benchmark for safeguarding their organizations’ most valuable assets. The 10 steps* within the three critical areas for safeguarding enterprise data are:

Process

  1. Routinely assess the risk and vulnerability of physical and electronic enterprise systems and align them with security, incident-response, and business-continuity policies
  2. Document internal controls and audit policy
  3. Integrate security requirements into budgeting and procurement

People

  1. Name a chief information security officer reporting directly to a chief privacy officer and the CEO
  2. Establish, provide training for, and enforce procedures for employees who work remotely (per documented policies for wireline and wireless teleworking)

Technology

  1. Deploy and enforce strong authentication technology and procedures, and have a clear ID management policy
  2. Implement intrusion detection and intrusion prevention technology to spot and stop hackers from entering your network
  3. Use encryption or other technology to protect data from unauthorized access
  4. Deploy strong remote access security, including virtual private networks with SSL or IPSec and anti-spyware

*Source: Practical Steps for Enterprise Information Security, Information Technology Association of America, May 2006 [PDF]