Security Slideshow: 12 Information Security Principles To Put Into Action Today
By Jennifer Lawinski | Posted 01-12-2011
Focus on the Business
Connect with business leaders to make sure security is a part of business and risk management processes. This will keep information secure now and in the future.
Deliver Quality and Value
Communicate with stakeholders so that changing security requirements can be met and to promote the value of information security, both financial and non-financial.
Comply with Relevant Legal and Regulatory Requirements
Avoid civil or criminal penalties by identifying compliance obligations and translating them into information security requirements. The penalties should be made clear.
Accurately Report Security Performance
Use security metrics such as compliance, incidents, control status and cost to demonstrate how security performance is helping the company meet its objectives.
Evaluate Current and Future Threats
Trends and specific threats should be defined and monitored so that you can address them proactively, before you have a security problem.
Promote Continuous Improvement
Reduce costs, improve efficiency and promote a culture of security by sharing information with your organization. Keep your IT department agile and always striving for improvements.
Adopt a Risk-Based Approach
Address options for assessing risk and document procedures in a consistent manner. Decide whether your plan includes accepting risk, avoiding risk, transferring risk or mitigating risk.
Protect Classified Information
Identify and classify information according to its level of confidentiality and protect it accordingly through all stages of the information lifecycle.
Concentrate on Critical Business Applications
Prioritize security resources to protect business applications where a security incident would have the greatest impact on the business.
Develop Systems Securely
Build quality, cost-effective systems that the business can rely on. Make information security an integral part of the design.
Act in a Professional and Ethical Manner
Security relies on the ability of your team to perform duties in a responsible way while understanding the integrity of the information they're protecting. Support respect for the needs of the business.
Foster a Security-Positive Culture
Make information security part of "business-as-usual." Educate users on how to protect critical information and systems. Make users aware of the threats and risks they face.