Security means many things to a lot of different people.
For Building control, it’s about physical security, locks, detection and alarms.
For IT, it’s about virtual security, patching, managing access, monitoring.
For Management, it is about robust processes, managing a breach, detecting the breach’s size, determining if and what data has been taken.
Security is clearly something that goes beyond a single department and requires a structured, coordinated approach from the top down.
So how can ST-FOUR help make your security better?
ST-FOUR and our partners can help you with all aspects of security. Our security consultants can work with you to put together a security implementation programme right for you.
Our approach is to evaluate your current security and, where possible, to enhance rather than replace your current security implementation.
We are here to advise you on security options and help you protect yourself from punitive Data Loss Enforcement Actions and to build a security plan that both meets your organisation’s required aims and your budget.
Options can include but are not limited to
Management Security revolves around managing Risk and ensuring that response processes and legal standards (including insurance) are correctly met. A Cyber breach can take down an organisation in more ways than a loss of IP with ICO fines, Reputational Damage and Cash Flow problems while systems are down being the tip of the iceberg. While the Management Tasks below may not implement changes that directly increase IT security, they do implement the procedures and processes that IT and Building control then secure with direct action.
- Creating an Incident Response Plan
- Create an Employee Awareness Campaign
- Design Mandatory Employee & Senior Management Risk Training
- Review your Insurance Coverage
- Create Breach Detection, Analysis, Contain, Eradicate & Recover Processes
IT Department Tasks
IT is responsible not just for implementing fancy security systems but also for making sure the basics are done well too. The vast majority of Cyber Breaches could be stopped through basic tasks such as regular patching, controlling access to services and data as well as Ensuring Internet-facing systems have the right security settings. Once you have the basics right then it is the correct time to start rolling out more advanced Cyber Security.
- Implement Automated Continuous PEN Testing
- Implement Systems Monitoring
- Improve Device & User Management & Permissions Access
- Implement a “Least Privilege” or “Elevated Privilege” approach
- Implement a regular semi-automated patching regime
- Identify & Fix firewall, Website and networking issues
- Improve security & single sign-on for access to systems and data
While physical security might not be seen as the sexy was to prevent a Cyber Threat it is critically important. There are still thugs out there ready to pick up a drain cover and smash their way into your server room and your data is just as stolen if it’s carried away. Keeping tabs on employees is important too, do you know who has physical access to your data, could you find out what someone was doing with your servers if you need to?
- Provide a physical breach audit
- Implement improved physical breach Prevention, Detection, Warning & Response
- Implement improved security at an External, Internal and Cabinet-level
- Implement CCTV & Advanced Detection & Warning hardware