Security Plan

Implement A Security Plan For Your Business

First, What is a Security Plan?

A Security Plan or System Plan documents the controls that have been selected to mitigate the risk of a system. The controls are determined by a Risk Analysis.

To assist with the process, NIST (National Institute of Standards and Technology) provides a catalog of controls, with templates outlining the Cybersecurity Framework for Critical Infrastructure and the Security Plan. Businesses may use the outline when creating their Security Plan.

How to Implement Your Security Plan?

1. Take an inventory of your physical and information assets (what are you protecting?).
2. Perform a risk assessment to determine what level of security is needed to protect your information assets.
3. Complete the checklist to make yourself aware of your security strengths and weaknesses.
4. Complete an evaluation. Evaluate your findings and discuss recommendations to correct deficiencies and/or improve security with departmental administration and IT staff.
5. Develop a security plan. Create a plan with target dates for implementation.
6. Set Deadlines / Completion Dates
7. Project Management – Monitor the process from start to finish
8. Evaluate upon completion

Responsibilities for a Departmental Security Plan

  1. Inventory – IT Staff
  2. Risk Assessment – Systems Administrator
  3. Checklist – Systems Administrator
  4. Evaluation – Systems Administrator
  5. Plan – IT Staff & Systems Administrator

What does a simple IT security plan schedule look like?

Tasks Example:
  1. Draft Security Plan
  2. Submit Plan for review by other managers / outsourced IT company for this process.
  3. Edit
  4. Finalize Security Plan
  5. Submit to Board of Directors “if needed”
  6. Distribute the Plan to all Management
  7. Distribute the Plan to all Personnel
  8. Meet with Management – set dates – begin implementation
  9. Establish means to accomplish Security Tasks and events
  10. Establish Security Breach Committee
  11. Establish Proactive Security Committee
  12. Obtain and install required new equipment if needed (servers, workstations, programs, etc.)
  13. Implement new policies (ex – clean desk, remote working, etc.)
  14. Evaluate the implementation
  15. Evaluate Security Program
    1. Internal Review
    2. External Review
  16. Modify Security Program and Plan
    1. Schedule follow up meetings / audit
5 Things you need to know about IT Data Security

5 Things You Need To Know About Data IT Security

Over the past year, 4,149 data breaches compromised more than 4.2 billion records, shattering the previous all-time high of about 1 billion exposed records. This assessment comes from the 2016 Year End Data Breach QuickView Report.

Too many companies are failing to implement basic data IT security controls

It's extremely important that companies meet basic data security needs. It doesn’t take a genius to realize that there remains a disconnect between the realities of the breach threat and the practicalities of defending against it. Businesses must understand the risks, and how to best protect themselves and their clients against a potential breach.

At the end of the day, a ransomware outbreak or data breach will strain the relationship between you and your clients, so you need to focus on delivering consistent, quality service and limiting the possibility of a breach.

Here are five things you definitely need to think about when it comes to IT Data Security:

  1. Always make sure your data is stored properly in an encrypted database.
  2. Develop an organization-wide data security plan.
  3. Remove unnecessary data from your electronic devices and keep tabs on what data remains.
  4. Hire professionals to completely clear all electronics of unnecessary sensitive data.
  5. When upgrading or disposing of devices with sensitive data, contact a professional for physical destruction of the data-containing component of the device. Deleting files from your hard drive isn’t enough. Data can still be recovered if not correctly destroyed.

Furthermore, dealing with breaches will never be an easy task, and that’s why you must protect yourself before they become an issue. Understand what data can be compromised and how. Search the internet for tips, documents and case studies. If you still feel like your business is “at-risk”, call the managed IT professionals, SecurityRI.com.

Also, we can assess your network at no charge. If you need additional information regarding why to outsource your IT department, please check out our white paper on improving your security technology today.

 

 


Rhode Island’s Mandatory Identity Theft Protection Act

Is your business compliant with Rhode Island’s Mandatory Identity Theft Protection Act?

On June 26th, Governor Gina Raimondo signed the new Rhode Island Identity Theft Protection Act of 2015. But are you aware that updated provisions have been made, and that businesses must comply?

You’re probably wondering whether the act applies to your business.

It applies to any person or entity that “stores, collects, processes, maintains, acquires, owns, uses, or licenses personal information about a Rhode Island resident.” This act has no exclusions based upon an organization’s size or number of employees.


Microsoft Office 365 IT Security Benefits

Microsoft Office 365 was first announced back in October 2010. It has been a long time since the announcement, but it looks like Microsoft Office 365 is ready for the corporate world. The fact of the matter is that your business can benefit from using Microsoft Office 365. Our goal is to ensure that your company optimizes the IT security benefits of the new cloud-based platform.

Locations

Corporate Headquarters
58 Waterman Avenue - North Providence RI 02911

MA Office
26 Cedar Lane - Seekonk MA 02771

Toll Free: (888) 219-5296
Local: (401) 231-8130

Operating Live 24∙7∙365