Security strategy: risk analysis, data protection, access control and policy planning.
Security Policy and Strategy
An enterprise security policy is a set of general guidelines for actions and decision-making that facilitate the achievement of objectives. Therefore, to establish these general guidelines it is necessary first to formulate the objectives of the enterprise's security (the overall objective was defined earlier).
Such objectives may include:
- strengthening work discipline and increasing labor productivity;
- protecting the lawful rights and interests of the enterprise;
- strengthening the enterprise's intellectual potential;
- preserving and increasing assets;
- enhancing the competitiveness of the products produced;
- providing the enterprise with the most complete information support possible and increasing its efficiency;
- orienting toward world standards and leadership in the development and adoption of new technologies and products;
- fulfilling production programs;
- assisting management structures in achieving the enterprise's objectives;
- preventing dependence on random or unscrupulous business partners.
Taking the above into account, the following general guidelines for actions and decision-making can be defined, which facilitate achieving these objectives:
- preserving and building up resource potential;
- implementing a set of preventive measures to increase the level of protection of the enterprise's property and personnel;
- involving all employees in the enterprise's security activities;
- professionalism and specialization of enterprise personnel;
- prioritizing non-forceful methods of preventing and neutralizing threats.
To successfully implement this policy, it is necessary to carry out an enterprise security strategy, understood as a set of the most significant decisions aimed at ensuring an acceptable level of security in the enterprise's operations.
The following types of security strategies are distinguished:
1) oriented toward eliminating existing or preventing the emergence of potential threats;
2) aimed at preventing the impact of existing or potential threats on the protected object;
3) focused on restoring (compensating for) inflicted damage.
The first two types of strategy involve security activities that either keep a threat from arising or create a barrier to its impact. In the third case, damage is allowed to occur, but it is compensated by the actions the corresponding strategy provides for. Clearly, third-type strategies can be developed and implemented for situations where the damage is recoverable, or where it is not possible to carry out any program implementing a first- or second-type strategy.