Improving Electronic Security is a Multi-Step Process
And don’t get hung up on the computer part.
Improving computer and organizational security doesn’t happen overnight. It’s a process that takes both effort and commitment. It’s easy to get lost, or to fall for the comforting notion that it’s as easy as toggling a switch on your computers. But there’s more to it than that. All the digital security in the world won’t help without the rest of your electronic security.
So what else is there to electronic security beyond computers? Here are three areas you should also be focusing on to improve your electronic security.
Part 1: Technical Controls
Technical controls are the ones everyone remembers. This category encompasses everything related to computers, including properly managing your administrative user credentials, using security software and antimalware, and so forth. It’s the obvious place to start, but problems happen when there’s insufficient attention paid to the other two areas.
Part 2: Operational Controls
This category focuses on how your organization uses (operates) its electronics. It primarily considers policies that address security, such as password and email policies, supported by electronic controls where possible. For example, Windows password settings are a technical control that can enforce password policy requirements such as a minimum number of characters and the use of capital letters, numerals, and special characters.
Part 3: Management Controls
Enforcing security policies through technical controls is a good step forward in improving your electronic security, but all that effort can be for naught without effective management. Management controls are the rules set by the organization for itself. These include incident response, disaster recovery plans, and annual policy reviews.
Technical controls are generally easy to improve because the cost can be easily justified to management, and there’s a real-world, tangible product to help make the case. Things get harder as you progress from technical to management controls. The need to regularly evaluate existing policies or to have a proper method for risk management often isn’t as easy to sell. Although it may be a bit of a stereotype to suggest managers feel like rules are for subordinates, more often than not it’s the management controls that are the hardest to put in place.
It’s important to remember that action needs to be taken in all three areas if you’re truly interested in improving your business’s electronic security.
In honor of management-themed puns you’ll find today’s famous quote in the play Julius Caesar: “Eh Tu, Brute?”
If you’d like help putting together an action plan for improving electronic security throughout your organization, contact a TRINUS account manager and we’ll be delighted to help out.
Courtesy your friendly neighbourhood cyber-man.