
IDG: 7 cybersecurity best practices for regulated industries

This article was originally published on two IDG sites simultaneously, Network World and CSO.
By Ryan Francis, CSO

Knowing the Regs

Whether you work for an organization controlled by compliance standards or you are an independent IT firm looking to build your enterprise business, understanding industry regulations is crucial as it pertains to cybersecurity. Michael Hall, CISO, DriveSavers, provides a few best practices for businesses operating in or with regulated industries.

Conduct a Risk Analysis

Also known as “gap analysis” or “security risk assessment,” risk analysis is the first step towards developing a data security policy. Security risk assessments should be conducted annually, biannually or any time something changes, such as the purchase of new equipment or expansion of company services.

Review Access and Authorization

As part of a risk analysis, a number of areas and methods should be reviewed to make sure they are properly secured, including physical areas. Access must be physically impossible for any unauthorized person.

Create a Data Security Policy

Every employee needs to understand their obligation to protect company data. In order to do so, it’s important to create a data security policy that is easily accessible and understood by employees, and is also enforceable. This document should outline practices that help safeguard any data touched by the company, including third-party business data and sensitive information.

Use the Right Tools

As part of a risk analysis, companies sometimes identify tools that can be used to minimize risks, such as security cameras, firewalls or security software. These should be documented as part of your company’s security policy, used and maintained as part of implementation.

Vet Personnel and Third-Party Providers

Conduct background checks of all employees. Third-party providers should also be vetted to make sure they follow documented security protocols identical to or more robust than those in place within your company.

Validate Compliance

The best way to prove that your company is compliant with industry regulations is to have a third-party cybersecurity company validate your company’s security protocols, procedures and the implementation. It can be pricey, time-consuming and intrusive, but if you’re concerned about cybersecurity or looking to build your enterprise business, it’s worth exploring.

Educate and Enforce

Hold mandatory security training and awareness programs, and make sure employees sign off on required reading. Enforce security policies and procedures through sanctions. Training must always be part of implementation and enforcement. It is the most important part of your company's security and must be offered on an ongoing basis.