Your clients are
operating in an expanding asymmetric threat environment. Risks to any
organization's confidential information are increasing and the losses now
exceed the amount of money that is made by the world's illegal drug trade.
Cybercrime is hard to detect. It's a very low-risk and high pay-off category of
criminal activity. Plus, it's very hard to prosecute.
Cyber criminals are
constantly trying to steal, alter or damage confidential information. Illicit
hackers and crackers are dedicated to discovering vulnerabilities and
exploiting them. When they discover a pathway into an organization's digital
assets, nefarious users can steal identities, open false charge accounts, make
purchases, gain access to financial resources or commit worse.
Organizations that
have had their digital security breached can face liability lawsuits, suffer
the loss of business, or have their reputations damaged. In some states,
your clients and customers can even face fines.
Accountants, insurance
agents, management consultants or even bankers can provide value-added service
to their commercial clients. How? Advising clients how to create and implement
a solid information assurance plan is one way. Doing so can block cyber attacks
on a client's mission-critical information. Insurance agents, for example, can
show clients how to implement a strategy while showing them how to transfer
risk.
You can offer professional
advice on how to protect against cybercrime. Your clients will likely find your
professional advice and counsel invaluable, giving you the opportunity to forge
stronger customer relations and helping them to protect mission-critical
information. It's truly a win-win situation for everyone.
So how can your
clients create an information assurance plan that is designed to protect
critical information?
Identify - The first
thing that can be done is to identify each one of an organization's information
assets. Each should be classified as to its level of importance. The security
plan that is eventually developed for the company would contain objectives and
procedures for implementing security best practices.
Analyze - Your clients
need to conduct a risk analysis. The study should examine the vulnerabilities
and potential threats against the information assets that are identified. A
plan needs to be written that protects mission-critical information. Such a
plan must treat information assurance as a business process like accounting,
personnel, finance and manufacturing.
Implement - The plan
must include policies and procedures that identify responsibilities for each
individual in the organization. The plan should promote the confidentiality and
integrity of information assets. Business continuity would be a key element and
prescribe what steps are to be taken in the event of a cyber attack. An intrusion
detection plan, physical security and information security awareness training
should be put in place for all employees.
Additional components
of a strong information security plan should be auditing, backup and disaster
recovery, and the transference of risk, which would involve cybercrime insurance.
Dr. William G. Perry
is the publisher of (www.paladin-information-assurance.com) and author of the
books How to Secure Your Computer and How to Secure Your Smartphone and Other
Mobile Devices. Dr. Perry is an information technology specialist with
significant experience as a university professor, author and contractor for various
federal agencies. Dr. Perry also publishes a computer security glossary at http://www.computer-security-glossary.org.