Planning and policies for IT security pay off, not only in savings in the event of a data breach, but also by reducing the likelihood of a breach. According to a 2014 Ponemon study sponsored by IBM, the average cost to a company for each compromised record with sensitive or personal information was $201. But the study also found well-prepared organizations can reduce these costs. Companies that involved business continuity management in the remediation of a breach reported that they reduced the cost of a breach by an average of $13 per compromised record.
And organizations with a strong security posture and a formal incident response plan in place prior to the incident could reduce the cost per record by as much as $38. Appointing a CISO to lead the data breach incident response team reduced the cost by another $10. [http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/]
What exactly do planning and policies for IT security mean? This question has two answers. On one side, Business Continuity Planning (BCP) and a proper risk management framework should be the foundation of your company’s IT security services. On the other, a proper set of IT solutions and personnel must be acquired to execute the policies and standards established by your risk planning.
On the risk and BCM side, a maturity model is an important framework to have. It allows an organization to assess the rigor of its security practices and processes according to industry best practices. This can help create a more robust security footing over time, reducing the number of successful cyber-attacks and enabling a quicker return to normal operations following a successful attack.
The maturity of an institution’s security program can be plotted from basic—or immature—to comprehensive—or mature. Different parts of an organization, especially a large one, may be at different stages of maturity.
Note that, in this approach, more mature does not always mean more secure. Many other pieces of the puzzle have to fall into place together to achieve proper security, such as your password management solution and policies.
In an age where more of our personal information lives in the cloud, protected by passwords, organizations need their password management solution to be flexible and scalable. That’s why it’s crucial to plot your company’s password management maturity within the model by addressing questions such as:
- Does your organization currently have automatic password reset?
- Do your users have to use a combination of numbers and letters and include at least one symbol in their password?
- Does your password management system allow a user to remotely unlock their account if they forget their password?
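The second question above describes a password complexity policy (letters, numbers and at least one symbol). The following Python example, added here and not code from the original post or from Nervepoint Technologies, shows how such a policy can be checked server-side and how the failing criteria can be reported back to the user. The minimum length of 8 is an assumption for illustration; the page states no length requirement.

```python
import string

# Minimum length is an assumed value added for this example; the page only
# names the three character classes (letters, numbers, at least one symbol).
MIN_LENGTH = 8


def check_password_policy(password: str) -> dict:
    """Evaluate each policy criterion and return a mapping of check name -> pass/fail."""
    return {
        "min_length": len(password) >= MIN_LENGTH,
        "has_letter": any(c.isalpha() for c in password),
        "has_digit": any(c.isdigit() for c in password),
        # string.punctuation covers the ASCII symbols commonly accepted as "special" characters.
        "has_symbol": any(c in string.punctuation for c in password),
    }


def password_meets_policy(password: str) -> bool:
    """True only if every criterion passes."""
    return all(check_password_policy(password).values())


def failed_checks(password: str) -> list:
    """Names of the criteria the password fails, sorted so the result is stable for display or logging."""
    return sorted(name for name, ok in check_password_policy(password).items() if not ok)


if __name__ == "__main__":
    # Constructed sample inputs, not real user passwords.
    for candidate in ("Tr0ub4dor&3", "password", "Ab1!"):
        print(candidate, "->", "ok" if password_meets_policy(candidate) else failed_checks(candidate))
```

Reporting the specific failed criteria (rather than a bare "invalid password") lets a self-service reset flow tell the user what to fix without weakening the policy; the check itself should run on the server, since client-side validation alone can be bypassed.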
By working through these and other questions about the level of password management security within your IT security maturity model, you can see the current state of your password management capabilities. Only then can you paint a picture of where you want to be in the future and which criteria you need to work on to get there.
This blog was brought to you by Nervepoint Technologies and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT security, Lee developed the world’s first open-source browser-based SSL VPN (SSL-Explorer). Today, Lee runs Nervepoint Technologies, a leader in password self-service solutions.