Your Security Policy is the Foundation of Your Defense System.
Understanding the threats to your system is the gateway to the creation of a security policy that represents a truly professional set of tools.
To achieve a solid platform for your analysis, you can search the Internet for experience from actual attacks on similar systems and involve professional assistance.
- Identifying Assets/Data. All data should be safeguarded to a degree that reflects the value they represent. This value will depend on the consequences of the security event.
- Evaluating Potential Risk. Enumerate everything that could possibly go wrong, whether through an accidental event, carelessness, or malicious intent.
- Improve Defense Measures. Re-evaluate the defense methods that are already established and consider what else might be needed.
Passwords, encryption, redundancy, backups, firewalls, and pin codes may all work for you; it all depends on how these measures are implemented and maintained.
If you do not feel totally confident about this procedure, you should probably consult a professional.
If intrusion prevention, detection, and assessment are words with little meaning to you, you should definitely talk to a professional.
How Much Security is Adequate Security?
Appropriate security is largely a matter of assessing an appropriate level of defense. This is where a cost benefit analysis becomes a useful tool.
Estimate the maximum loss, equal to: lost income due to the missing information, the cost of restoring or reacquiring the information, and the consequences of publicizing or revealing confidential data.
Assessing Probability of Loss Scenarios.
Some events are logically more likely to happen than others, and some data will be more or less exposed to perpetrators.
If you choose to transmit unencrypted confidential information over an unsecured channel like regular e-mail or telephone, the probability of interception is very high. Had those data, on the other hand, been encrypted with an advanced algorithm, the probability that the interceptors would break the encryption could be close to zero.
Cost Benefit Analysis on Optional Security Measures.
With the results of the previous steps converted to a dollar value, you can answer the question: How much security is adequate security?
It is perfectly acceptable to ‘pick the low-hanging fruit’ and give the most obvious problems first priority. Eliminating the root of the problems will strengthen the system as you continue to work on one issue after another.
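The three cost benefit steps above, worked through as an added example that is not part of the original article: it ranks optional measures by the expected loss they remove minus what they cost. All names and dollar figures are constructed, and treating the probability as a yearly figure and each measure as lowering that probability are assumptions of this sketch.

```python
from dataclasses import dataclass

# All scenarios, measures and figures below are constructed sample values.

@dataclass
class Scenario:
    name: str
    lost_income: float      # income lost while the information is missing
    restore_cost: float     # cost of restoring or reacquiring the information
    disclosure_cost: float  # consequences of confidential data being revealed
    probability: float      # estimated chance of the event per year (assumed time frame)

    def max_loss(self) -> float:
        # Maximum loss taken as the sum of the three components the article lists.
        return self.lost_income + self.restore_cost + self.disclosure_cost

    def expected_loss(self, probability=None) -> float:
        p = self.probability if probability is None else probability
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
        return p * self.max_loss()

@dataclass
class Measure:
    name: str
    scenario: Scenario
    yearly_cost: float           # cost of implementing and maintaining the measure
    residual_probability: float  # estimated probability once the measure is in place

    def net_benefit(self) -> float:
        before = self.scenario.expected_loss()
        after = self.scenario.expected_loss(self.residual_probability)
        return (before - after) - self.yearly_cost

def rank_measures(measures):
    """Return (name, net benefit) pairs, best first, dropping measures that cost more than they save."""
    ranked = sorted(measures, key=lambda m: m.net_benefit(), reverse=True)
    return [(m.name, round(m.net_benefit(), 2)) for m in ranked if m.net_benefit() > 0]

EMAIL = Scenario("confidential data intercepted in e-mail", 20_000, 5_000, 75_000, 0.30)
DISK = Scenario("data lost to a disk failure", 40_000, 10_000, 0, 0.10)

MEASURES = [
    Measure("redundant disks", DISK, 2_000, 0.01),
    Measure("private leased line", EMAIL, 40_000, 0.02),
    Measure("encrypt e-mail", EMAIL, 3_000, 0.01),
]

if __name__ == "__main__":
    for name, benefit in rank_measures(MEASURES):
        print(f"{name}: net benefit ${benefit:,.2f} per year")
```

With these sample figures the leased line drops out of the ranking because it costs more than the expected loss it removes, which is the "how much is adequate" answer in dollar terms.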
Security is an ongoing process. The sooner you start, the better your protection.