e-businessguide - Maintain/monitor

Once the program is implemented, you must ensure that security is made an integral part of day-to-day business activities.

For example, develop a policy for employees to follow concerning:

password use
daily data backups
general computer use, such as not leaving a logged-in computer unattended for any period of time
safe and appropriate use of email and the Internet
security awareness as part of the general business culture.

Security must be considered an essential part of the process for any system upgrades, such as when new software is installed or when computers are added to the office network.

The aim of monitoring processes and systems is to identify potential and actual security problems before they become issues that may cost your company time and money.

When a security issue is identified, all organisations should have procedures in place to:

stop further intrusions or breaches
limit disruption
save evidence of breach or intrusion
prevent the incident from happening again.

Next topic in this section >

Protecting - What can I do? - The security program lifecycle - Maintain/monitor