10 Elements Of A Good Security Plan

Experts offer up advice and insight, and talk about why flexibility and consistent review are key to keeping security on a high level.
User Education Important

6.What A Good Policy Includes: The security policy should outline what company data should be encrypted, how it should be encrypted (64-bit, 128-bit, etc.), as well as spell out who has access rights to the encryption key(s). Similarly, the security policy should include details about passwords, including how often they should be changed and securing the password (i.e., no notes taped to the desktop).

By encrypting all sensitive data, a company doesn’t lose more than a wireless device if a laptop, PDA, etc., is stolen or gets misplaced. This also helps protect data on movable media, like tapes, as well as data in stationary company systems, like servers and mainframes. For example, if ChoicePoint or Bank of America had encrypted their data the recent security breaches would have been a non-issue, Conorich points out.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing