Security - CIOInsight

Security Slideshow:
12 Information Security Principles To Put Into Action Today

By Jennifer Lawinski on 2011-01-12


Information security has become an increasingly important aspect of the job of CIO as concerns about corporate governance, regulatory compliance and risk assessment multiply in the enterprise. To give you the tools you need to get your company’s business leaders on board with a rigorous information-security plan, the ISACA, the Information Security Forum (ISF) and (ISC)2 have worked together to assemble this list of information security principles. Their recommendations are a how-to guide for security management in an era in which rapidly evolving threats require you to stay steps ahead of the bad guys. In addition, coordinated efforts between IT and business teams are necessary to make sure that regulatory compliance is in line and data remains secure. These principles can help you promote a culture of security in your enterprise. Making security a part of daily operations throughout the business can lead to smart behavior on the part of your end users and an increased awareness of the threats and risks that you and your team face every day. Leveraging these principles, you can add value to your organization while helping protect its vital information.

Focus on the Business

Connect with business leaders to make sure security is a part of business and risk management processes. This will keep information secure now and in the future.

Deliver Quality and Value

Communicate with stakeholders so that changing security requirements can be met and to promote the value of information security, both financial and non-financial.

Comply with Relevant Legal and Regulatory Requirements

Avoid civil or criminal penalties by identifying compliance obligations and translating them into information security requirements. The penalties should be made clear.

Accurately Report Security Performance

Use security metrics such as compliance, incidents, control status and cost to demonstrate how security performance is helping the company meet its objectives.

Evaluate Current and Future Threats

Trends and specific threats should be defined and monitored so that you can address them proactively – before you have a security problem.

Promote Continuous Improvement

Reduce costs, improve efficiency and promote a culture of security by sharing information with your organization. Keep your IT department agile and always striving for improvements.

Adopt a Risk-Based Approach

Address options for assessing risk and document procedures in a consistent manner. Decide if your plan includes: accepting risk, avoiding risk, transferring risk or mitigating risk.

Protect Classified Information

Identify and classify information according to its level of confidentiality and protect it accordingly through all stages of the information lifecycle.

Concentrate on Critical Business Applications

Prioritize security resources to protect business applications where a security incident would have the greatest impact on the business.

Develop Systems Securely

Build quality, cost-effective systems that the business can rely on. Make information security an integral part of the design.

Act in a Professional and Ethical Manner

Security relies on the ability of your team to perform duties in a responsible way while understanding the integrity of the information they’re protecting. Support respect for the needs of the business.

Foster a Security-Positive Culture

Make information security part of “business-as-usual.” Educate users on how to protect critical information and systems. Make users aware of the threats and risks they face.
