
Information security: keep your devices safe.

Updated: Jan 22, 2022

Every organization wants to protect its most sensitive data, and that starts with having a data security strategy in place. The strategy helps determine who owns the data, where it originated, how sensitive it is, and what it can be used for. Organizations should implement a change management process and restrict which devices can access the network. Employees should be given only the minimum necessary access, following the principle of least privilege, and the organization should plan for incident response and recovery from incidents.

Critical information can be handled by adopting the four steps below:

a. Define: Understanding the organization’s strategic goals and how data security fits into them provides guidance for the overall data security program. Cybersecurity professionals need to define the critical data, the impact on the organization if that data is lost, and the security control baselines required to protect it.

b. Discover: requires knowing where the critical data is located within the organization to ensure it is adequately protected with multilayered security controls.

c. Baseline: This establishes how much effort is needed to secure the data environment, where the security gaps are located, and what additional controls might need to be implemented to better protect critical data.

d. Secure: This requires technical solutions to be designed and implemented to protect data. Based on the gaps discovered during the baseline assessment, a plan is developed to address risks and implement updated data security controls that will meet the overall data protection objectives.


Present action plans and procedures to recover or reestablish critical electronic devices and communication networks.

This comprises a series of decisions an organization will take before and after a disaster. To ensure business continuity and the availability of critical resources during disasters, the plan should be documented and tested in advance. This helps expedite the process when an actual disaster or emergency strikes. The key to network disaster recovery is preparedness. The action plan is the master tool that IT-based and other organizations use to protect their IT infrastructure, ensure organizational stability, and recover from disasters systematically. The following steps should be taken in IT disaster recovery planning:

  • Perform Risk Assessment: A risk analysis and business impact analysis should be conducted, with the possible disasters, both natural and man-made, in scope.

  • Prioritize Processes and Operations: The organization’s critical requirements pertaining to each department must be determined with respect to data, documentation, services, processes, operations, vital resources, and policies/procedures.

  • Data Collection: The complete data about the organization must be gathered and documented. It should include an inventory of forms, policies, equipment, and communications.

  • Creating the Disaster Recovery Plan: The DR plan should be created in a standard format that allows procedures to be detailed and essential information to be included.

  • Testing the Plan: The developed Disaster Recovery Plan should be tested for efficiency. Testing makes it possible to analyze what changes are required and to make appropriate adjustments to the plan.



 
 
 
