The 7 Habits of Highly Effective Security

L. Taylor - June 6, 2000

Event Summary

With cybercrime on the rise, organizations must make sure that protecting their vital information, their assets, and their customers is not overlooked. Sometimes it is the most basic security procedures that are overlooked, e.g., the use of safe, encrypted passwords.

Market Impact

If every minute of downtime costs $10,000 [1], how can your organization afford to overlook security? If the average web buyer will wait only 8 seconds for a page to download [2], allowing your site to become vulnerable to denial of service attacks may wreak havoc on your bottom line. To help prevent your customers' credit card numbers from being stolen, we have provided 7 key habits that should become part of your IT security agenda.

Figure 1. CEO/CIO Wallet Card

Sources: [1] The Standish Group [2] Zona Research

User Recommendations

  1. Ascertain what you need to protect and from whom. If you don't have the internal resources to perform a security analysis, hire an outside consultancy to do one for you.

  2. Scan for vulnerabilities and weaknesses. There are numerous network scanners such as Cybercop and Internet Security Scanner that can save you quite a bit of time with this.

  3. Apply corrective action to insecure systems and policies. Once you find out where your vulnerabilities are, you know where you need to take action. If your staff is unable to resolve these vulnerabilities, outsource the job to someone who can.

  4. Architect security policies and processes. Implement. After you ascertain what needs to be secured, and how, create corporate policies to support your agenda.

  5. Make sure that Security Management is part of the IT budget. Purchasing security enforcement products and allocating funds for implementation should not be overlooked.

  6. Deploy security enforcement (firewalls, anti-virus, intrusion detection). Purchasing security products is not enough. You need to deploy, manage, and support them.

  7. Educate your staff on security policies and processes. Without educating your staff on the importance of security, your CIO won't receive the buy-in needed from the other executive managers to make security deployment successful.

About the Author

Laura Taylor, former Director of Research for Security at TEC, is now the Chief Technology Officer at Relevant Technologies, Inc.

For more information go to

Editor's Note:
This article has been modified from its original form since the original publication date.
