Four steps you should expect from your ‘Security Health Check’
2014 was another historic year for data breaches at businesses of all sizes and across all industries. Those with the most experience in the Information Security world agree: it is not a matter of “if” a data breach happens but “when”. While this may seem like a depressing fact, there are things your business can (and should) do to reduce the risk of a breach, limit the damage a breach may cause, and evaluate your Information Security Program. In my previous posts, I outlined the basic steps to better security that organizations should take, many of which hinge on developing what I call a “culture of security” in your organization. If you already feel you have a sound culture of security and are looking for a more “hands on” next step, a “Security Health Check” is a good entry-level tool for starting the New Year off right.
There are many entry-level options available, each geared towards specific industries and sizes of organization. It is important to recognize that even a quality entry-level Security Health Check will not be sufficient for a financial institution, or for anyone else in a regulated industry. These businesses have operated for too long under very strict requirements to gain much from an entry-level program like a standard health check. A good Security Health Check is, however, a fit in both scope of work and price for small to midsized businesses in unregulated industries. The right Security Health Check solution will:
- Interview the staff responsible for Security and Compliance, including “gate keepers”
- Review current security programs, policies and procedures
- Scan networks and firewall for vulnerabilities
- Summarize these findings and take the time to review them with you
The investment of time and resources that accompanies these steps should be flexible enough to scale with the size of your organization, taking into account the number of end users and devices in your environment. Beyond covering the four vital steps above, be sure the person or company conducting the health check has the proper credentials: professionals should have a verifiable track record in the Information Security industry, and ideally hold the CISSP certification.
While a Security Health Check cannot protect you from a data breach, it can offer the peace of mind of knowing that you have done your due diligence to your stakeholders in mitigating the threat, and the damage, a breach may cause. If you feel you might be a good fit for a Security Health Check, reach out to your trusted IT provider for pricing and operational information.