Every company depends on a computer system, either for internet consultations or save data from the company itself, among others, so that workers can perform their tasks effectively and quickly ... Then, we are questioned if we are sure about possible computer attacks. Creating a computer security policy for your company is one of the solutions to resolve weak points, so we will talk about the Safety Master Plan.
The Safety Master Plan is a set of phases with which it is intended to reduce risk and increase computer security within acceptable levels for the target company.
Initially the current situation of the company will be verified, where a plan associated with the interests of the company will be carried out together with the obligations and good practices that the workers of the company must follow. Finally, depending on the activity of the company, a certificate may be obtained that provides that it has a security policy informs the computer security implemented in the company.
The objective is to carry out the project to ensure the protection of computer security in a legal, organizational technical level. Therefore, 7 phases must be implemented to obtain information security and keep the computer security policy from the Safety Plan with Checklist.
Phases
1. Analyze the current situation of the company
· Previous analysis: Lift the scope, determine processes, to which departments or systems. Define the rank of responsibility for assets (responsible for computer security , responsible for information ...). Perform an initial assessment. Perform controls of the Safety Master Plan. Establish objectives to reinforce and improve points on cybersecurity.
· Technical analysis of computer security : we will see the level of computer security that the company has with respect to firewalls, antivirus, safe websites ...
· Risk analysis: Identify who has a low level of computer security , analyze possible threats, measure the consequences and possibilities of an attack. Verify computer security and how far they protect. Determine the exposed residual risk.
Obtained the level of risk we will assume those attainable by the company to correct them. Strategies:
· Hire third parties
· Eliminate risks executing activities that do not have risks
· Assume the risk with justification
· Implement actions to reduce risk.
2. Align the strategy with the Safety Master Plan, taking into account the growth forecast, if there is outsourcing ...
3. Define the projects to be executed, that is, expose the actions to be executed to reach the level of agreed computer security At this stage we can find projects for improvement, correction or absence, and risk management, always taking into account viability.
4. Classify and prioritize projects taking into account the origin of the project, the type of action, the effort that entails, improvements obtained ...
5. Approve and review the plan for the address once we have the preliminary plan.
6. Execution of the preliminary plan approved adjusted to the company where they will be in:
Present the plan to the people involved
Assign responsibilities for each project and support them of resources
· Create a periodicity of the reviews in each project and the plan, taking into account the changes.
· Check if the risk has disappeared.
7. Certification by computer security policy . Once proven and analyzed that everything works correctly we can prove the quality of our company getting certifications or confidence stamps.
In Gowtech we help your company grow through computer security policies adapted to current time and business situation. Do not spend more money on systems or applications that do not adapt to your business
