Elements of a Company Security Program
• What does security mean to you and your company today?
• Where does security begin once you are inside of your building, plant or warehouse?
• How useful is your current operational security program?
• How does your management team perceive your corporate security environment?
• Are your staff and other employees ready for education in current security fundamentals?
These security questions became of paramount importance to you, your company and companies across the USA following September 11, 2001. Awareness was focused on key areas, potential security breaches and planning to implement a more comprehensive security policy.
The following checklist can be used to evaluate your security program as it currently exists in your company:
• Security Organization – establishes checks and balances to ensure that procedures are being followed.
• Security Policies and Procedures – requirements, incident records and policy administration and distribution.
• Risk Management – identifying threats, valuing information assets, analyzing risk factors and appropriate responses.
• Security Awareness – organizational education, implementation and administration.
• Physical Security – provides physical protection of IT resources from physical or accidental threats.
• Operations Security – monitors threats and security services, and detects potential incidents.
• Information Classification – categorizes and accesses managed information.
• Perimeter Security – protects the internal systems and networks from the outside.
• Host/LAN Security – protects the internal systems, applications and networks from the inside.
• System and Network Access Control Functions – regulate access to system and network resources.
• Intrusion Detection – determines if an attacker (intruder) is attempting to gain access, or has already gained access, to an unauthorized resource within your company.
• Incident Response – provides quick and efficient response to security incidents.
• Internet Security – enforces security policy on the network to prevent unauthorized internal systems access.
• DRP – disaster recovery planning
• BCP – business continuity planning
• Crisis Management – preparing to run a company, should disaster befall key members of its management staff.