Are you satisfied that information security issues are fully
addressed? Security is an important issue for every firm. But, like
any good thing, too much or the wrong variety can cause as many problems
as it prevents.

Information Security should be considered in context
with the overall security concerns of every firm - physical, intellectual
property, business process, financial and others. The following questions
should help you identify areas of strength or weakness and provide
the leadership your firm needs to be confident that security issues
have been addressed.

Have you developed a Business Continuity Plan for both
business activities and Information Systems?

Has the Business Continuity Plan been tested? How
recently? With or without warning?

Are your databases backed up and copies stored in a separate,
secure location? Have your technicians confirmed that they can restore
the key files from the backups in an acceptable time frame?

How frequently are employees required to change their passwords? Do
the passwords require characters from letters, numbers and punctuation
marks?

Do your HR policies reinforce security? Do they impose
a severe penalty for anyone who violates security protocol? Are
all access codes cancelled the day an employee leaves the company?

If customers, vendors or trading partners are given access
to systems or data, do their security procedures match or exceed your
own?

Do you ensure that the technology used for preventing improper
or dangerous access is kept current?

Have you retained professional “penetration agents” who
can test your security systems and procedures to see how effective they
are?

Employees can be the weakest link in the security process. How
often and intensively do your communications programs reinforce the importance
of security?

CEO Counselors
Copyright © 2003 CEO Counselors