Security Slideshow: 12 Information Security Principles To Put Into Action Today

Focus on the Business

Connect with business leaders to make sure security is a part of business and risk management processes. This will keep information secure now and in the future.

Deliver Quality and Value

Communicate with stakeholders so that changing security requirements can be met and to promote the value of information security, both financial and non-financial.

Comply with Relevant Legal and Regulatory Requirements

Avoid civil or criminal penalties by identifying compliance obligations and translating them into information security requirements. The penalties should be made clear.

Accurately Report Security Performance

Use security metrics such as compliance, incidents, control status and cost to demonstrate how security performance is helping the company meet its objectives.

Evaluate Current and Future Threats

Trends and specific threats should be defined and monitored so that you can address them proactively - before you have a security problem.

Promote Continuous Improvement

Reduce costs, improve efficiency and promote a culture of security by sharing information with your organization. Keep your IT department agile and always striving for improvements.

Adopt a Risk-Based Approach

Address options for assessing risk and document procedures in a consistent manner. Decide if your plan includes: accepting risk, avoiding risk, transferring risk or mitigating risk.

Protect Classified Information

Identify and classify information according to its level of confidentiality and protect it accordingly through all stages of the information lifecycle.

Concentrate on Critical Business Applications

Prioritize security resources to protect business applications where a security incident would have the greatest impact on the business.

Develop Systems Securely

Build quality, cost-effective systems that the business can rely on. Make information security an integral part of the design.

Act in a Professional and Ethical Manner

Security relies on the ability of your team to perform duties in a responsible way while understanding the integrity of the information they're protecting. Support respect for the needs of the business.

Foster a Security-Positive Culture

Make information security part of "business-as-usual." Educate users on how to protect critical information and systems. Make users aware of the threats and risks they face.