Start aligning your security strategy to better protect your organization's most critical asset - data.
While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and over time, if funding is available, works its way down to the micro level, which is the data. This methodology misses the criticality associated with data exposure. Think about these two scenarios.
1) A hacker gets past your firewall and steals customer information.
2) An employee accidentally deletes your product catalog.
Where is the best place to prevent these risks? Correct, at the data level. In response to scenario 1, the company would have to admit to being penetrated by a hacker, but could confidently say that customer information was encrypted and is therefore unreadable by anyone outside of the company. Concerning scenario 2, by setting proper access permissions for the data, no employee would have the authority to erase the catalog. These real-life and all-too-often occurring scenarios lead us directly to the need to begin our security quest at the data level.
Please consider these protective steps:
1) Understand, inform and educate everyone that your organization's most critical asset is data.
2) Protect the data using encryption - both when stored and in transit.
3) Limit data access by using proper identification, authentication and audit controls.
4) Build and test several data recovery scenarios, because even the best prevention mechanisms can't thwart a system failure from causing data corruption or loss.
5) Keep expanding your security posture outwardly.
Please recognize that my intention here is to get you to acknowledge the importance of the data owned by your organization. Most companies understand the need and have the funding necessary to implement several layers of protection for their computing assets. Just be sure to consider your investments based on a deliberate understanding of your assets, from which you can then prioritize your security builds.
Visit http://docs.google.com/present/view?id=ddzzxj2h_26fwk5w2hs to see the visual aid.