Disaster Recovery (DR) and Business Continuity Planning (BCP) are key elements of business operations. These plans help organizations prepare for and navigate through a disaster or unexpected business disruption.
Physical Security of information systems is exactly what it sounds like: fences, walls, guards, doors and locks between attackers and the data or assets they are after. Physical access to hardware can make an attacker’s job easy, so physical security should be a priority in any security program.
Acceptable use standards govern the ways employees use an organization’s technology and services. Organizations should have an acceptable use policy and require personnel to acknowledge the policy during onboarding. Employees’ use of technology can introduce vulnerabilities or expose sensitive information.
Security breaches can be devastating to an organization; managing the aftermath is known as incident response. This video highlights key principals to help organizations manage an incident.
A Data Lifecycle is a framework that outlines data management from creation or collection through disposal. An organization’s data management policy should outline data lifecycle requirements for collection, retention, and destruction.
Data Classification is the process of categorizing information based on sensitivity. Basic classification categories – “public” or “internal use only” may be appropriate, but categories can be more specific such as “Restricted – Human Resources”. Data Classification should be customized to best fit your organization.
Different data types have different levels of sensitivity, so the acceptable uses and required protections for each data type should be addressed accordingly. The first step in accomplishing this for an organization is identifying the nature and location of its data.
Logical Security is the use of software and systems to control and limit access to information. Anti-virus software, passwords, and encryption are all examples of logical security mechanisms. The best practices in this clip will help your organization secure sensitive information.
Companies collect many different types of data, both sensitive and non-sensitive, in the ordinary course of business. An organization’s responsibility to protect sensitive data begins when requesting or obtaining information and does not end until data is securely deleted or destroyed. This video highlights data privacy laws and regulations along with the potential impact of violating requirements.
Growth in technology has increased the use and value of consumer data creating incentives for abuse and even crime. Data Privacy is the practice of determining how data should be protected based on sensitivity and risk of disclosure.
Social Engineering is the coercion or manipulation of an individual to perform an action or uncover sensitive information. This type of attack can take place over phone, email, or in-person. This video covers common social engineering themes that can help identify a potential threat.
Information security impacts all of us – financial information, email, personal media – can all be compromised and cause inconvenience or financial hardship. Large scale breaches in recent years demonstrate the importance of security awareness. Organizations use annual security awareness training to help train staff in preventing prevent security breaches.
Cryptography is the study of secure communication and today is synonymous with encryption – the protection of data through conversion of data into a code using a key. Data can be encrypted at rest or in-transit; cybersecurity professionals today focus on Symmetric and Asymmetric encryption.
Organization’s security processes are subject to both internal and external security standards. This video highlights some of the most common external security standards.
Sensitive information related to an individual’s health is referred to as Protected Health Information (PHI) or Electronic Protected Health Information (EPHI). In the United States, HIPPA and HITECH provide guidance to organizations on protecting PHI. The key requirements for these regulations are the privacy rule and security rule. This video highlights these regulations and the underlying requirements.
Passwords are critical in guarding our sensitive information from exposure. Are your passwords following these best practices?
Email provides organizations today with an efficient form of communication, file sharing, and scheduling. However, the convenience and widespread use of email makes it a target for attackers. The user practices in this video that can help secure email from bad actors.
While businesses have a responsibility to protect data they manage for us, each of us can take simple steps to help reduce the risk that our personal data will fall into the wrong hands.
Geographically dispersed workforces require secure remote computing to transmit sensitive information. This video features methods available for secure remote computing channels that can protect an organization's information.
Today’s workforce is more geographically dispersed than ever increasing organization’s reliance on remote work. The use of remote work makes businesses susceptible to additional risks. This video highlights important considerations for securing personal and corporate information when working remotely.