Elements of a Company Security Program


Tim J. Smith, PhD
Founder and CEO, Wiglaf Pricing

Published June 11, 2003

• What does security mean to you and your company today?

• Where does security begin once you are inside of your building, plant or warehouse?

• How useful is your current operational security program?

• How does your management team perceive your corporate security environment?

• Are your staff and other employees ready for an education in current Security Fundamentals?

These security questions became of paramount importance to you, your company and companies across the USA following September 11, 2001. Awareness was focused on key areas, potential security breaches and planning to implement a more comprehensive security policy.

The following checklist can be used to evaluate your security program as it currently exists in your company:

• Security Organization – establishes checks and balances to ensure that procedures are being followed.
• Security Policies and Procedures – requirements, incident records and policy administration and distribution.
• Risk Management – identifying threats, valuing information assets, analyzing risk factors and appropriate responses.
• Security Awareness – organizational education, implementation and administration.
• Physical Security – provides physical protection of IT resources from physical or accidental threats.
• Operations Security – monitors threats and security services, and detects potential incidents.
• Information Classification – categorizes and accesses managed information.
• Perimeter Security – protects the internal systems and networks from the outside.
• Host/LAN Security – protects the internal systems, applications and networks from the inside.
• System and Network Access Control Functions – regulate access to system and network resources.
• Intrusion Detection – determines if an attacker (intruder) is attempting to gain access or already has gained access to an unauthorized resource within your company.
• Incident Response – provides quick and efficient response to security incidents.
• Internet Security – enforces security policy on the network to prevent unauthorized internal systems access.
• DRP – disaster recovery planning
• BCP – business continuity planning
• Crisis Management – preparing to run a company, should disaster befall key members of its management staff.

About The Author

Tim J. Smith, PhD, is the founder and CEO of Wiglaf Pricing, an Adjunct Professor of Marketing and Economics at DePaul University, and the author of Pricing Done Right (Wiley 2016) and Pricing Strategy (Cengage 2012). At Wiglaf Pricing, Tim leads client engagements. Smith’s popular business book, Pricing Done Right: The Pricing Framework Proven Successful by the World’s Most Profitable Companies, was noted by Dennis Stone, CEO of Overhead Door Corp, as "Essential reading… While many books cover the concepts of pricing, Pricing Done Right goes the additional step of applying the concepts in the real world." Tim’s textbook, Pricing Strategy: Setting Price Levels, Managing Price Discounts, & Establishing Price Structures, has been described by independent reviewers as “the most comprehensive pricing strategy book” on the market. As well as serving as the Academic Advisor to the Professional Pricing Society’s Certified Pricing Professional program, Tim is a member of the American Marketing Association and American Physical Society. He holds a BS in Physics and Chemistry from Southern Methodist University, a BA in Mathematics from Southern Methodist University, a PhD in Physical Chemistry from the University of Chicago, and an MBA with high honors in Strategy and Marketing from the University of Chicago GSB.