You don’t need to look any further than the powerful computer in your hand to realize how much technology has connected our world. This device, connected to the internet and your organization’s data, has changed the way business is done. Unfortunately, it has also opened up a whole new realm of risk for your organization. If that same computer ends up in your competitor’s hands with no security measures in place, it could mean losing your competitive advantage and proprietary data. Just as bad, or worse, you could be unable to conduct normal business operations because your data is inaccessible or missing.
If something as small as a smartphone has the potential to put your entire business in jeopardy, why do business leaders avoid analyzing and managing their information security risks? It’s often because they don’t know where to start.
Utilize the following questions to begin assessing the current state of your business and where potential problem areas exist.
To what extent are your business goals reliant on data and technology?
In other words, what would be the consequences of a serious security incident in terms of lost revenues, customers, and investor confidence? We often take technology for granted. When it’s working, the technology and data go relatively unnoticed. But when there’s a hiccup in the service, the result is annoyance at best and lost business at worst. Identify which of your critical operational processes rely on technology and data assets. Develop a plan to ensure reliable access to data.
Does anyone know how many information and communications technology assets the company owns and whether they went missing?
It’s easier to notice when a laptop or desktop computer is stolen. But what about data stored on a USB drive or in the cloud? There is great convenience available with the emergence of Box, Salesforce and other cloud-based Platform as a Service providers, but do you own the data when using these service providers? If your provider closed today, would you be able to access your data? Take an inventory of both physical assets and data storage units in the cloud.
What safeguards have been established over systems connected to the internet to protect the organization from loss, damage, and/or disclosure?
While wireless networks, mobile devices, and the Internet of Things (IoT) present great opportunities, they also introduce significant risks. What security processes are in place for the transmission and storage of data on the cloud? Do you connect IoT devices to a separate network? Begin documenting which devices are connected to the internet and whether certain devices should be placed on a network separate from your critical data assets.
Do you conduct an information security risk assessment on a regular basis?
Information security is an evolving process since new data assets and threats develop and evolve with time. Ten years ago, an organization’s risk assessment likely focused on in-house servers, desktop computers, and even fax machines. Today’s businesses need to assess the risks posed by cloud computing, mobile devices, and even IoT devices. Implement a process and schedule to review your organization’s security and data landscape on a regular basis.
Is information security considered a priority or an afterthought during business strategy and planning activities?
Benefits and growth are the glamorous parts of a new strategic initiative. Unfortunately, the strategic planning process often glosses over the risk portion of the analysis. It’s often during the execution of the initiative when information security is given some thought, which can be too late. Build into your planning processes a way to analyze risk and determine the best way to manage the initiative’s information security risks.
If you were unsure how to answer any of these questions or want to learn more about this topic, you can access the recent AGH University webinar, Information Security: An Introduction for Business Leaders. This webinar was tailored to business leaders who need an introduction to information security. The webinar ensures that you understand the importance of information security in the business context. More importantly, it provides resources and guidance on how to start tackling your information security risks. If you would like more information, or can’t wait to get started, you can contact Brian Johnson using the information below.
Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management and assurance. He has extensive experience in information security, network engineering, and solution development, with recognized expertise in governance, risk, and control.
Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).
Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.