The importance of cyber security can be realized initially by asking a company to produce a list of critical assets along with associated information systems that have an impact on them. Prioritization of these assets can assist the company with the allocation of scarce security resources.
As a part of an internal strategic security business continuity plan, companies should also plan for a disaster event in case they are not able to receive products or services from others, or provide products and services to others. An example is the need for a pandemic plan, which is should have redundant vendors and technologies for biological threats that will impact cyber security protection abilities. Another example is to ensure that all critical information systems, subsystems and parts are not from hostile sources or environments.
A short list of items to consider:
- Get professional security advice, and be wary of an overnight security expert, as the security business is extremely lucrative these days.
- Communicate, consult, cooperate, and collaborate with security professionals internally such as corporate security, as well as such organizations as the police, R.C.M.P. and Public Safety and Emergency Preparedness Canada (PSEPC).
- PSEPC is the Canadian counterpart of Department of Homeland Security in the U.S. The PSEPC Web site (www.psepc.gc.ca) also contains a wealth of information.
- Other security professionals, committees or resources may be found within industry associations and business associations.
- Involve all levels of key information systems stakeholders within your corporation. This action is important to ensure that all aspects of business operation are secured.
- Beware of security resources outside of Canada, because items such as law and funding eligibility may not be applicable to Canadians.
- Do not underestimate departments such as legal, disaster services, safety and human resources; they can play a crucial role in enhancing cyber security initiatives.
- Do not reinvent security, because it may unintentionally lead to a vulnerable security state with increased threats and risks.
