Elements of a Company Security Program
by Wallace Czeropski, 11 June 2003
• What does security mean to you and your company today?
• Where does security begin once you are inside of your building, plant or warehouse?
• How useful is your current operational security program?
• How does your management team perceive your corporate security environment?
• Are your staff and other employees ready for an education in current security fundamentals?

These security questions became of paramount importance to you, your company and companies across the USA following September 11, 2001. Awareness was focused on key areas, potential security breaches and planning to implement a more comprehensive security policy.

The following checklist can be used to evaluate your
security program as it currently exists in your company:
• Security Organization – establishes
checks and balances to ensure that procedures are being followed.
• Security Policies and Procedures – requirements, incident
records and policy administration and distribution.
• Risk Management – identifying threats, valuing information
assets, analyzing risk factors and appropriate responses.
• Security Awareness – organizational education, implementation
and administration.
• Physical Security – provides physical protection of
IT resources from physical or accidental threats.
• Operations Security – monitors threats, security services
and detects potential incidents.
• Information Classification – categorizes and accesses
managed information.
• Perimeter Security – protects the internal systems
and networks from the outside.
• Host/LAN Security – protects the internal systems,
applications and networks from the inside.
• System and Network Access Control Functions – regulate
access to system and network resources.
• Intrusion Detection – determines if an attacker (intruder)
is attempting to gain access or already has gained access to an
unauthorized resource within your company.
• Incident Response – provides quick and efficient response
to security incidents.
• Internet Security – enforces security policy on the
network to prevent unauthorized internal systems access.
• DRP – disaster recovery planning
• BCP – business continuity planning
• Crisis Management – preparing to run a company, should
disaster befall key members of its management staff.
---
Wallace Czeropski is a security and disaster recovery expert. He
may be reached at benedctus@aol.com
or (773) 775-5907.