Organizations that do not understand the overwhelming importance of managing data and information as tangible assets will not survive the new digital economy.
Remember the following:
- Key business processes generate vital information and data that need to be protected from a mission critical perspective
- The business operations and support processes also generate critical information that take many forms including classified documents, application code, databases, spreadsheets, presentations, project plans, emails etc.
- These various types of information and the systems that maintain it become assets of great value to your organization so steps should be taken to understand the impact to your organization if such assets are breached, become unavailable or destroyed
- Adequate safeguards should be implemented for these assets based on some kind of information classification scheme where the protection increases as the value of the asset increases
- Define policies, standards and guidelines so that your organization knows how the different classifications of assets should be protected and implement manual and automated processes to monitor and enforce them
- Assess your internal and Internet facing systems, technology and IT operational processes for vulnerabilities on a periodic basis and remediate or minimize risks as soon as possible
- Continuously monitor and report on your networks and systems about security incidents, track remediation efforts and be able to identify possible cyber attack vectors and take prompt counter measures