by Tanya Heffel. Tanya has nearly 20 years of hands-on experience in a variety of highly competitive industries and fast-paced environments including the Federal Government. As an innovative technical/operations leader with experience in managing teams to new levels of achievement, Ms. Heffel has specific expertise in strategic planning, business unit development, project management, and system engineering strategies. She has a proven ability to thoughtfully analyze an organization’s requirements, identify deficiencies and potential opportunities, and develop innovative and cost-effective solutions for enhancing competitiveness and improving customer service offerings.
Security. That word alone can be so daunting… and the perfect implementation of Security practices in an organization can at times seem like an insurmountable task. Security is all about a methodology based on common practices that we, as users, already know and adhere to. The four essential elements of this are:
• Education. Educate your users and your customers. Educate your staff and work in partnership with your vendors and other experts. This is the most important aspect of Security in any organization: an informed user and customer community reduces the risk to an organization.
• Security in depth. This is more of a way of thinking. Policies and procedures alone are not enough to protect a business. You must implement those policies consistently and educate all aspects of the business to understand that Security isn’t only “that person who walks around like Darth Vader”; it’s a daily practice. Securing your Infrastructure platform (i.e. network and hardware security, patching, continuous monitoring), developing secure code, and creating quality assurance testing cycles that also test for security vulnerabilities: all of these actions, applied in a layered fashion along with continual education, will make for a more elegant and secure platform.
• Keep Current. Read, and stay abreast of the changes in all industries. Review your compliance governances, and talk to your auditors about what they see trending. It is important to keep your head out of the sand.
• Plan…Do…Check…Act…Repeat. Once you have your plans, policies and procedures in place, and have educated your organization, you must actually do the difficult aspects of Security (integration of the plans, making changes to existing procedures, etc.). Check to make sure plans, policies, procedures and governances are being followed. Act if any of the above appears not to be followed or is broken. And above all else, REPEAT!
In the end, Security isn’t something that you implement once and forget about. It’s an ever-evolving, organically growing element of everyday life and business. And each person in your organization has a part to play in its implementation and maintenance.
Want to learn more? Stay tuned for the four-part series diving deeper into each of the core components above.