John Mallery
BKD, LLP
Chapter 1
It seems logical that any business, whether a commercial enterprise or a not-for-profit business, would understand that building a secure organization is important to long-term success. When a business implements and maintains a strong security posture, it can take advantage of numerous benefits. An organization that can demonstrate an infrastructure protected by robust security mechanisms can potentially see a reduction in insurance premiums being paid. A secure organization can use its security program as a marketing tool, demonstrating to clients that it values their business so much that it takes a very aggressive stance on protecting their information.
But most important, a secure organization will not have to spend time and money identifying security breaches and responding to the results of those breaches.
As of September 2008, according to the National Conference of State Legislatures, 44 states, the District of Columbia, and Puerto Rico had enacted legislation requiring notification of security breaches involving personal information.¹ Security breaches can cost an organization significantly through a tarnished reputation, lost business, and legal fees. And numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act, require businesses to maintain the security of information.
Despite the benefits of maintaining a secure organization and the potentially devastating consequences of not doing so, many organizations have poor security mechanisms, implementations, policies, and culture.
1. OBSTACLES TO SECURITY
In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.
Security Is Inconvenient
Security, by its very nature, is inconvenient, and the more robust the