
10-step formula to keep your organization secure

Hello Friends,

Nowadays, running an organization is like entering a battle against infiltrators to protect your state (your customers). Here I want to share 10 major actions that any organization needs to take to stay safe from cyber criminals. These steps apply equally to small, medium and large organizations.


1. Provide training for your employees

Learning is the first step toward excellence in execution. Provide proper training in information security practices and policies for all your employees, from managers to junior executives. If your employees know which weapon to use for what and how to defend, they will be aware, and you can avoid major risks to your organization.


2. Get informed about your operation

Before you go into battle, you must know the strengths and weaknesses of your army. So understand your requirements fully. Be clear about what to protect and where to concentrate more. Know your risks, your critical conditions, and what you will do if the ball is not in your court.

3. Proper classification and records 

How many soldiers, how many weapons, how many knights: all of it matters to a commander. You should know all the assets you have and need to protect. All systems and devices should be classified and updated. A war is hard to win with rusted spears.

4. Network security

Protect your wall from intruders. Implement complete network security using VPNs and firewalls, and block all unnecessary protocols. Implement network access controls as the process requires, and avoid unnecessary social media usage.

5. Physical security 

Always implement access control for all your working floors, limiting access to authorized people only. CCTV, guards, biometrics: all these security measures should be implemented to secure your working area.

6. Clear roles and responsibilities

A horseman may not be capable of fighting an elephant, and a king should have all the power he deserves to win the battle. All your executives, managers, accountants, HR staff and even top management must have complete knowledge of their individual responsibilities.

7. Protect your applications

Your product (application), your website and your designs must be secure from malware and spyware. Use an up-to-date enterprise-version antivirus and other security applications to keep your applications and all intellectual information safe and secure.

8. Develop information security policies

Rules are for everyone. A defined information security policy can avoid many hurdles during operations. A clearly defined strategy will also help in incident management and response, so as to protect all your systems, information and network. The information security policy is your manual for winning the battle.

9. Destruction is a necessity

Whatever is created will be destroyed one day. Always make sure that documents containing sensitive data are destroyed after use. Define a proper timeline and instructions for data destruction. Use shredders for paper materials, and smash old drives and burn magnetic tapes once they are no longer usable.

10. Back up plan 

If conditions are not in your favor, you should always have a plan B for your safety. Make a business continuity plan to protect your organization from any unwanted threats, whether internal or external. Clear roles and actions must be defined for backing up your business against all environmental, technical or operational disasters.

Hope these tips will help you keep your work environment strong and secure, like a robust empire.

Share your views and feedback in the comments.



