Applying Security Measures
No matter how good your security planning is, it will be useless if the envisaged measures are not put into practice.
It is the responsibility of Security Management to coordinate the implementation of the security protocols and measures established in the Security Policy and the Security Plan.
First of all, Security Management must verify that:
- The staff know and accept the established security measures and their responsibilities regarding security.
- Employees sign confidentiality agreements relevant to their post and responsibility.
- The relevant training is given.
Security Management is also directly responsible for:
- Assigning the necessary resources.
- Generating the necessary reference documentation.
- Collaborating with the Service Desk and Incident Management to handle and resolve security-related incidents.
- Installing and maintaining the hardware and software tools necessary to ensure security.
- Collaborating with Change Management and Release Management to ensure that new vulnerabilities are not introduced into live systems or test environments.
- Proposing RFCs to Change Management with a view to enhancing security.
- Collaborating with Service Continuity Management to ensure that the integrity and confidentiality of the data are not compromised in the event of a disaster.
- Establishing the policies and protocols for access to information.
- Monitoring the networks and online services to detect intruders and attacks.
The company's management must recognise the authority of Security Management in relation to these issues and allow it to propose binding disciplinary measures when employees or other personnel concerned with the security of the services fail to comply with their obligations.