Enterprise security is the assessment and deployment of security mechanisms throughout an organization. It encompasses antivirus and malware protection, user privileges, policies, web content management (e.g., "Websense"), firewall and router defenses, wireless access points and anything that is attached to or has access to the enterprise network.
Audit of Enterprise Security Needs: Prior to deployment of an enterprise-level security solution, an audit must take place to take stock of what is in place and what is needed. This audit will reveal security issues such as patch levels, password controls, open ports, outdated antivirus protection or poorly configured wireless access points. Any one of these presents a security issue to the enterprise.
Assessment of Audit Results: After the audit, a clear picture of the current state of enterprise security emerges. In determining which areas to address first, cost-benefit analysis (cost of action versus the benefit of it) can be used to determine the costs (time, materials and man-hours) required to achieve the intended net benefit.
Implementation of Enterprise Security: Once the priorities have been established, hardware and software must be sourced. This will be based on the cost and the budget for the enterprise security plan. Most reliable vendors will also offer professional installation and setup, which an organization may or may not need. This may be another factor for you to consider. One thing about enterprise security: Either pay now for a good solution or pay later when the security is compromised.
Define your Enterprise Security Policy: The security policy is a document that has to be established to set the guidelines that will help your company keep its infrastructure and assets safe from internal and external attacks and from outages. As for any standardized document, creating your security policy starts by collecting information. The person or team in charge of this task has to be not only technically proficient but also aware of the business logic that drives the organization. This starts by asking some basic questions, whose answers will form the draft of a framework for the future policy.
What are the elements that help the organization achieve its vision, mission, and strategic plan?
How do these elements help the organization achieve its vision, mission, and strategic plan?
What implications do business requirements have on security?
How do those requirements get translated into purchase decisions?
Normally, when working on a security policy, you should keep in mind the following targets. The security policy document should:
Provide a means to audit existing security measures and compare the requirements with what already exists.
Plan security improvements, including equipment, software, and procedures.
Define the roles and responsibilities of the company's employees.
Define which behavior is or is not allowed.
Define a process for handling security incidents and the recovery from them.
Enable global security implementation for the whole organization.