Bill Jensen, product marketing manager at Check Point Software Technologies Ltd., a security software firm with headquarters in Ramat Gan, Israel, and Redwood City, Calif., says security is about protecting not only the network but the data. That requires a combination of tactics, from securing the network perimeter to encrypting data on mobile devices.
“Many enterprises look at network security as taking a layered approach,” says Bob Berlin, manager of product marketing at Cisco Systems Inc. in San Jose, Calif. “You can’t just do one thing and know that your network is secure.”
“More and more,” adds Richard Branston, general manager of the security practice at Markham, Ont.-based IBM Canada Ltd., “our clients are saying ‘I want to do centralized security operations where I’m looking at the entire enterprise from a security perspective.’”
Pamela Casale, chief marketing officer at security software vendor Intellitactics Inc. in Reston, Va., says the road to an enterprise security strategy starts with consulting stakeholders to determine what level of risk is acceptable. Then you can formulate a policy that lays out the controls that will achieve that goal.
Standards such as the International Standards Organization’s ISO 17799 and Control Objectives for Information and related Technology (COBIT) are useful frameworks for building a security strategy, advises Jan Wolynski, a director in the advisory services practice of consulting firm PricewaterhouseCoopers LLC and a former police officer.
And, says Casale, it’s important to define the roles and responsibilities of everyone who is part of your security plan – which, she stresses, means everyone from the chief security officer to every user who has a user ID and a password.