Discover All Technology Assets (D.A.T.A. – you can’t secure what you don’t know you have)

            Hardware Inventory

  • On-premises
  • Remote
  • BYOD
  • Network Diagrams

            Software Inventory

  • On-premises
  • Cloud based
  • Shadow IT

            Data Inventory

  • Data Flow Diagrams
    • Who is the data collected from, and where?
      • Customers
      • Vendors
      • Employees
      • Contractors
  • Data Map (Location) Diagrams
    • Your data
    • Others’ data

Compliance And Risk Evaluation (C.A.R.E. – you advise, business leadership decides)

  • Understand the laws and regulations the business is legally obligated to comply with.
  • Understand the Risk Tolerance level the CEO and Board of Directors have decided they are willing to accept.

Align Security And Privacy (A.S.A.P. – part 1)

  • Align the Information Security Program to meet all the legal compliance obligations and the risk tolerance level determined by executive management.
  • Align the Privacy Policy to collect only the minimally required data and to retain only that data necessary to meet the compliance obligations as well as company operational procedures.

Address Systems AND People (A.S.A.P. – part 2)

  • The Security Plan policies and procedures address both the technology AND the people who work with the technology and the data.
  • Make sure everyone is aware of, understands, and has access to the policies and procedures required for their job function.
  • Incident Response, Business Continuity and Disaster Recovery documents should be available in hard copy, securely stored, in several places both on and off site.
