Determine your requirements.
- What do you need to protect?
- What business information requires a high level of confidentiality and integrity?
- What information and systems must be reliable and available?
Review the current state of your security program.
- What are you currently doing to ensure confidentiality, integrity and availability of your important business information and systems?
- Are you assuming your Internet Service Provider (ISP) is taking care of security?
- What data are you protecting?
- Is it employee data, customer data or business and financial data?
- Are your systems password-protected?
- Do you conduct regular and scheduled backups and check the backups
- Do you have restricted access to sensitive data?
Determine what your potential losses could be, including the impact on your good name.
- What level of risk are you willing to accept?
Determine your cost break-even point based on realistic assessment of the security threat to your business.
- What would be the cost to your business if suppliers knew what you paid the competition?
- What would happen if your competitor found out your proposed new product line or acquisition plans?
Next topic in this section >
