Organizations, regardless of size, face ever-increasing information technology and data security threats. Everything from physical sites to data, applications, networks, and systems are under attack. Worse, neither an organization nor its managers need prove prominent or controversial to prove a target. Automated and programmatic robotic attacks seek weak- nesses, then exploit vulnerabilities when detected.
As a result, every business, educational facility, government agency, and nonprofit organization must carefully prepare and diligently maintain security initiatives. A security risk assessment should be performed annually, if not quarterly. Consider using a checklist to not only coordinate security risk assessments, but also to document these reviews as they are completed.
From the checklist:
Only by regularly reviewing and scrutinizing policies and procedures, behaviors, facilities, operations, workflows, networks, and systems can organizations hope to effectively combat ever-increasing hostile actions, which include elaborate phishing and social engineering attacks, net- work and systems threats, insidious crypto threats, unauthorized data access, and even intentional sabotage by internal personnel.
Begin security risk assessments by listing all the areas in which your organization operates and possesses important elements, including its physical office facilities, client computers, servers, applications, data, and behaviors. Then rank the importance of each of those elements as to their value to your organization’s ongoing operations. Customer financial transactions, including your office’s and the customer’s credit card numbers and bank account information, should rank very high, while the integrity of local voice circuits might prove of lower importance.