Security Slideshow: 12 Information Security Principles To Put Into Action Today

By Jennifer Lawinski  |  Posted 01-12-2011

Focus on the Business

Connect with business leaders to make sure security is a part of business and risk management processes. This will keep information secure now and in the future.


Deliver Quality and Value

Communicate with stakeholders so that changing security requirements can be met and to promote the value of information security, both financial and non-financial.


Comply with Relevant Legal and Regulatory Requirements

Avoid civil or criminal penalties by identifying compliance obligations and translating them into information security requirements. The penalties should be made clear.


Accurately Report Security Performance

Use security metrics such as compliance, incidents, control status and cost to demonstrate how security performance is helping the company meet its objectives.


Evaluate Current and Future Threats

Trends and specific threats should be defined and monitored so that you can address them proactively, before you have a security problem.


Promote Continuous Improvement

Reduce costs, improve efficiency and promote a culture of security by sharing information with your organization. Keep your IT department agile and always striving for improvements.


Adopt a Risk-Based Approach

Address options for assessing risk and document procedures in a consistent manner. Decide if your plan includes: accepting risk, avoiding risk, transferring risk or mitigating risk.


Protect Classified Information

Identify and classify information according to its level of confidentiality and protect it accordingly through all stages of the information lifecycle.


Concentrate on Critical Business Applications

Prioritize security resources to protect business applications where a security incident would have the greatest impact on the business.


Develop Systems Securely

Build quality, cost-effective systems that the business can rely on. Make information security an integral part of the design.


Act in a Professional and Ethical Manner

Security relies on the ability of your team to perform duties in a responsible way while understanding the integrity of the information they're protecting. Support respect for the needs of the business.


Foster a Security-Positive Culture

Make information security part of "business-as-usual." Educate users on how to protect critical information and systems. Make users aware of the threats and risks they face.
