10 step security implementation

10 step security implementation

10 step security implementation process:

Order Security ManualDownload Selected Pages

  1. Make security an executive directive – The driver for security needs to be at the CEO and or the Board of Directors
  2. Implement clear security guidelines – Have a published security manual with specific policies, procedures, and statements of what will occur if someone does not follow the rules.
  3. Provide specifics for security compliance – Do not use statements like “in general” without having specific example of what the individual needs to do.
  4. Enforce that everyone follows the rules – If ID badges are require then everyone including the CIO and CEO need to use one.
  5. Provide formal training program – All new employees should go thru this program as soon as they are hired and all existing employees need to have “at least” an annual review of the security guidelines and rules
  6. Communicate Security – On an on-going basis communicate what security best practices all employees and associates need to follow.
  7. Monitor security compliance – Validate that security rules and guidelines are being followed and make individuals and managers accountable for breaches.
  8. Establish security compliance metrics – Identify metrics that are meaningful to validate that compliance is occurring. Have metrics which show violations to the security guidelines as well as the total breadth and depth of the security process
  9. Provide security compliance feedback – At least month provide a general report that show the status of the security program.
  10. Audit security with a third party – On an annual basis have a third party audit the security program and validate:
    • The program is in place and functional
    • The program is being followed
    • All of the right things are included

Security Manual Template and Compliance Tools

Security PoliciesSecurity Policies – Procedures – Audit Tools

Order Security ManualDownload Selected Pages

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.