Top 20 Blogs of 2020: Cybersecurity Checklist Part 7 – Risk Management, Security, and Metrics Reporting
Part 1 – The Basics
Part 2 – How do you Manage?
Part 3 – Tracking Changes, Patching, and Endpoint Security
Part 4 – Identifying and Classifying Data, Encryption Strategy, Backup and Disaster Recovery
Part 5 – Securing Groups, Assigning Permissions, and Web Monitoring
Part 6 - Part 6 – Protecting the Inside of Your Network
This week’s blog continues to focus on the various elements of security and the importance of reporting on your IT metrics.
Risk Management – Risk management is the process of identifying, analyzing, and controlling threats to an organization’s assets and finances. A risk management program should be a major component of your business strategy. The National Institute of Standards and Technology (NIST) has developed risk management standards to help determine what risks exist and how to reduce them. Performing a Security Risk Assessment is a good start to correcting the vulnerabilities that exist in your environment.
Cloud Security – Cloud security refers to a set of policies and controls to protect the applications, data and infrastructure of the cloud. If you utilize a public cloud solution, your data is at risk. Consider a private cloud solution that is regulated. The SOC 2 compliance is recognized as one of the highest standards of cloud security and availability excellence in the IT industry.
Applications Security – You’ve protected the security of your environment, now it’s time to protect the security of your applications. Application security uses hardware, software and processes to protect applications from external threats, such as malware. You should review the security of your applications periodically.
Metrics Reporting – How do you track your IT performance? What metrics do you use to show ROI of the applications, software, and hardware you have in place to keep your network and data secure? You should review the metrics with key leaders on a consistent basis to review what works best.
Our next blog is the last in our cybersecurity blog series. We’ll explore the various elements of Audit and Compliance that can help you minimize the risk of a cyberattack.