Projects Require Security Coordination from Many Groups
When managing your security, you must focus on what your critical assets are and how you are going to protect them. A key component to loss prevention is assessing the potential threats to the successful achievement of the goal.
Here's the TenStep guest blog post "Projects Require Security Coordination from Many Groups":
In the 1980's and earlier, it was not unusual to walk in the front door of many companies and visit whomever you wanted without any challenge. Some of these were huge companies. For good or for bad, those days are pretty much gone. Over the past 15 years, companies have become more conscious of the need for security at all levels. The goal is to allow all employees to have access to everything they need to do their jobs – and not one thing more!
Security is a broad term and the development of your overall security policy requires help from many different organizations. Let’s look at some of the players who are involved.
- Facilities. Your Facilities Department is typically responsible for the physical safety and security of the people in the company. Facilities is typically responsible for having guards at the front of the building, establishing a reception area where all visitors wait, issuing badges to authorized employees and contractors, setting up badge reading equipment, etc.
- Human Resources (HR). HR has two main roles in security. First, they develop policies safety and security such as workplace harassment, threats, retribution, etc. Second, they help determine the consequences associated with unwanted and careless behavior related to security.
- Auditing. You internal and external auditors are typically interested in making sure that you have good, sound security policies in place – and that you are following them. The best laid plans are meaningless if they are not executed, and auditing makes sure that security is in place and enforced appropriately.
- Business Units. Each Business Unit needs to have security policies that cover their business information, raw data, reports, trade secrets, etc. For instance, certain financial reports may need to be designated “Highly Confidential” and kept in locked drawers when not being used.
- Network administration. Different companies have different names for this group, but they are the ones responsible for the security, reliability and integrity of the computer network. This group makes sure that the entire network is safe from hackers, firewalls protect the network from outside access, and data and databases are protected and secure.
- IT development. The development group must build the proper level of security into the business applications. This can include passwords to gain access into applications, as well as making sure that people only have access to the business information they need for their job.
Most companies have function with overall responsibility for security. There are many groups involved with the various aspects of security. However, this Security Group is vital to coordinate the various activities and make sure that everything is consistent and coherent.