3 Paths to Enterprise Security
A Look at a Comprehensive Security Program
Long before companies hit the headlines for security breaches, you knew information security was important. Your company installed firewalls and the assumption was your data was protected. Companies currently in the headlines all thought they were protected. What do you do now? CMI has developed a comprehensive, three-phased approach for working with companies to help ensure they are not the next Scottrade, UCLA Medical Center or Sony. The three phases are:
- CyberSecurity – Preparedness Assessment
- CyberSafety – Enterprise Change Program
- CyberService – Enterprise Technology Fabric
All three phases fall within the Governance/Risk Management/Compliance portion of CMI’s Adaptable Data Center framework.
CyberSecurity – A Preparedness Assessment is key with cybersecurity. Completion of an assessment in this phase will help you understand where your organization is relative to established information security frameworks. If you are in the Healthcare industry, this framework is called HITRUST (Health Information Trust Alliance). Organizations outside of the Healthcare industry follow an information security framework established by the National Institute of Standards and Technology (NIST). Results from the assessment will provide you with a documented current state, a declared desired state based on your business and risk objectives, and prioritized, actionable items for improving your risk management position. This assessment aligns your organization, provides a roadmap for remediation, and establishes a baseline for measuring your progress moving forward.
CyberSafety – The focus is on people and process. There are security training programs that will help you make your employees “less of a problem”; however, we feel it is more important to make your employees an “asset” in protecting your organization’s data. CMI has partnered with Emerson Human Capital Consulting, Inc. in order to implement such an impactful program. The end game is to transform users into stewards of your data, moving them from liabilities to security assets. It will embed CyberSafety into the culture and values of the organization through the key tenets of accountability and trust. A continuous and consistent effort across the organization will result in measurable improvement and improved security.
CyberService – Enterprise Technology Fabric focuses on the tools that provide a secure, managed platform to stop, protect, safeguard and optimize your organization. Security Information and Event Management (SIEM), end-point protection, mobile, cloud and database are representative areas that need to be addressed to have a truly comprehensive security fabric. There are many point solutions in the security space, and it is important to find architecture, design and tools that integrate well and, through integration, expand the value of these security solutions.
Incorporating all three phases provides a comprehensive approach to addressing security challenges within your organization. Each organization is different and at varying security maturity levels. Let CMI help you determine how these three phases make sense for your organization and ensure that published stories about your company are about the quality of your products, services and growing business.