Best Practices - 2

  • Identify IT security involvement of every enterprise department; share information on policies, responsibilities, incidents and lessons learned.
  • Determine required response times for various classes of IT breach; ensure that business arrangements reflect these needs.
  • Evaluate insurance policies with regard to IT security threats; resolve any questions of coverage or response.
  • Develop positive programs for reinforcing good security practices; promulgate specific consequences for negligence or misconduct that threatens IT assets.
  • Integrate security considerations into all project proposals to avoid higher cost and weaker security from downstream add-on measures.
  • Implement access control procedures that formalize both the granting and the termination of privileges for both individuals and groups.
  • Design security systems for robustness and economy, not just theoretical strength; reflect organization roles in security arrangements, rather than give IT administration undue control of business operations.