SECURITY

Healthcare technology solutions are available through the PC Connection, Inc. family of companies. Call today. 1.800.395.8685

Small to Medium Acute or Ambulatory Facilities: www.pcconnection.com/healthcare
Government Owned and Academic Hospitals: www.govconnection.com/healthcare
Large and Acute Care Centers and IDNs: www.moredirect.com/healthcare

©2015 PC Connection, Inc. All rights reserved. PC Connection, GovConnection, and MoreDirect are registered trademarks of PC Connection, Inc. or its subsidiaries. All copyrights and trademarks remain the property of their respective owners. #178640 0615

Top Four Essentials for Your Security Policy
Don't Expose Your Organization to Unnecessary Risks
WRITTEN BY STEPHEN NARDONE

In an era when security threats change daily and compliance regulations grow more complex every year, creating a solid and up-to-date security program is crucial. A good security program must cover your organization end-to-end, line up with your company's risk management strategy, and provide all the necessary standards, guidelines, and policies to enforce the program. It must also be flexible enough to incorporate ongoing revisions and updates. And it must be enforceable; otherwise, it is just an object of employee derision and a waste of time. Below are four critical attributes of a credible policy.

1. Create an end-to-end policy (don't just talk about it).
Research shows that business executives and IT managers alike believe that coordinating a security program across the organization's entire data network is essential. Nevertheless, many organizations neglect to include their whole range of data assets when setting up a program and developing policies. End-to-end security means protecting data from its point of origin, through all points of transit, to its resting point in storage. You need to examine each of these points for all of your data, whether it lives on your own servers or in a cloud, and set up measures to address any potential security gaps. Encryption, authentication, authorization, and other means of access control should all be included in the policies and spelled out for every type of data. Include information about penalties for violations, such as revocation of credentials and denial of access, so users can see that the program has teeth.

2. Coordinate with risk assessment.
Before you finalize your program, go over your organization's risk assessment documentation to make sure the program covers every relevant hazard identified there, including special risk circumstances and industry-specific compliance regulations. No two organizations are exactly alike, and while it may be tempting to cut and paste a generic policy from the internet, as many organizations do, you are doing your own organization a disservice unless you address your specific risks.

3. Build in a plan for updates and revisions.
Once you have a security program in place, review it regularly to make sure it still meets your needs. The IT department should keep up with current trends, monitoring news and comparing its own program with competitors' to make sure that new threats are addressed. Whenever your organization expands its operations, a review should be done, both to make sure the current program is up to date and to account for any new wrinkles the new business line may introduce.

4. Make it enforceable.
A security program is useless unless all of its provisions can be enforced. Employees will notice unenforceable requirements and become frustrated and less trustful of the entire program. You can use a variety of security compliance tools that encode policy requirements in a database, monitor compliance across networks, and flag vulnerabilities as they occur so they can be fixed. These systems need to be coordinated with anti-virus software, firewalls, and other security controls already in place.

About the Author:
Stephen Nardone is Director of Security Solutions and Services at PC Connection, Inc., with over 34 years of experience on both the government side and the commercial side of the security business. Discover more of Nardone's insights on our official blog, Connected, at www.pcconnection.com/NardoneBlog

Upload: tony-fanelli

Post on 17-Aug-2015
