ESecurityGuy
USER: Visitor
PRINT PAGE
Home > Free Security Articles > Resource Articles > Business Security Planning August 1, 2010


Free Newsletter
Free Security Articles
Free Security Software
Free Security Tools

Security News

Feedback Form

Site Map


Username

Password

Click here to register.

Establishing a Business Security Plan

All businesses that conduct business via the Internet have a responsibility to keep their data safe. When a customer registers to receive information or to purchase a product from your business, it's very likely that they are trusting their personal information to you as part of the process. If their personal information is compromised, the consequences can be far reaching and dire. Your business' risks commence with upset customers who may be unwilling to continue doing business with you through jail time and large fines.

The standard to which business owners are held has risen dramatically over the past year. These days, it's considered common sense that any business that collects personal information from customers also would have a security plan to protect the confidentiality and integrity of the information. For financial institutions, it's an imperative: The Gramm-Leach-Bliley Act and the Safeguards Rule, enforced by the Federal Trade Commission, require financial institutions to have a security plan for just that purpose. Due to other recent laws and regulations, such as the Sarbanes-Oxley Act and HIPAA regulations, business data security imperatives are being brought into the mainstream.

The threats to the security of your information are varied -- from computer hackers to disgruntled employees or even simple carelessness. While protecting computer systems is an important aspect of information security, it is only part of the process.

Security Plan Implementation

Sound security for businesses means regular risk assessment, effective coordination and oversight, and prompt response to new developments. Following are some points all businesses need to consider as you design and implement your information security plan:

  • Identifying internal and external risks to the security, confidentiality and integrity of your customers' personal information
  • Designing and implementing safeguards to control the risks
  • Periodically monitoring and testing the safeguards to be sure they are working effectively
  • Adjusting your security plan according to the results of testing, changes in operations or other circumstances that might impact information security
  • Overseeing the information handling practices of service providers and business partners who have access to the personal information. If you give another organization access to your records or computer network, you should make sure they have implemented sufficient security of their own.

When setting up a security program, your business should consider all the relevant areas of its operations, including employee management and training; information systems, including network and software design, and information processing, storage, transmission and disposal, and contingencies, including preventing, detecting and responding to a system failure. Although the security planning process is universal, there's no "one size fits all" security plan. Every business faces its own special risks. The administrative, technical, and physical safeguards that are appropriate really depend on the size and complexity of the business, the nature and scope of the business and the sensitivity of the consumer information it keeps.

See Also

View Responses (0) Post Response


Free Computer Security Newsletter
Your email address:

Your name:

Listen to Craig on ClearChannel radio every Saturday from 6 to 9am on WGIR, WGIP and WGIN. Visit WGIR

© Copyright 2003- 2007 DGKL, Inc. PRINT PAGE