As a company grows and matures,
it is necessary to formalise ways of working. As part
of that process it is important that a company develops
a watertight IT security policy to manage all aspects
of the IT infrastructure. You need to ensure that
staff are aware of their responsibilities for managing
data and equipment. This should include a detailed
understanding of what they can write in emails, download
from the internet and store on the company computers.
It is also important to describe the responsibilities
of the company as a whole. You should list the steps
required to securely provide backup, virus protection
and remote access to your systems.

Development companies are faced with an even more complex set
of requirements: they must satisfy clients
of their adherence to industry-standard guidelines
for writing web applications that fully implement
security. This would include such things as designing
a robust log-in module, handling password complexity
and changing, storing passwords in an encrypted format,
securing database connections and managing authentication
of distributed components.

In any company, practical security
equipment and techniques are only worthwhile when
the company using them operates in the manner for which the
equipment and techniques are actually intended. The
way a company operates, as detailed in its policies
and procedures, is often more important than the actual
way it is protected. For example, without a clear
Internet Usage policy, it is difficult to enforce
any disciplinary action against an employee for downloading
pornography. NSA can help a company of any size review
its existing policies and procedures, as well as generate
new ones to enable the company to function as it should.