- 1. Building a risk-aware culture
- 2. Developing security-rich applications by design
- 3. Intelligent security operations and rapid threat response
- 4. Secure collaboration with mobile and social
- 5. IT hygiene
- 6. Creating secure and resilient networks
- 7. Securing the complexity of cloud and virtualization
- 8. Managing third-party compliance
- 9. Ensuring data security and privacy
- 10. Managing the digital identity lifecycle compliance
- Downloadable resources
10 essential security practices from IBM
Assess and transform your security maturity
Beth kicks off the series with this introduction to the 10 essential security practices.
1. Building a risk-aware culture
In the complex world of enterprise security, it takes more than having a security plan in place to maintain a secure organization. In this video, Beth discusses the first essential security practice. She discusses why enterprise security is everyone’s responsibility and why educating the workforce at every level is critical to a balanced and effective security program.
2. Developing security-rich applications by design
In this video, Beth addresses the importance of making security an integral part of the development and deployment lifecycle.
3. Intelligent security operations and rapid threat response
In today’s world, it’s not a matter of if an organization will be hacked, but when. In this video, Beth talks about the importance of security analytics. She discusses the importance of having a security incident response plan that goes beyond a simple checklist to a comprehensive strategy.
4. Secure collaboration with mobile and social
The idea of securing the enterprise behind a wall with one access point is as antiquated as securing a castle behind a moat and a drawbridge. Today’s technology demands multiple access points. In this video, Beth discusses the importance of protecting both the business and the employees using mobile devices to access enterprise data. She discusses why bring your own device (BYOD) is a complicated challenge that must be addressed as part of the larger security program.
5. IT hygiene
An ounce of prevention is worth a pound of cure. In this video, Beth explains that, much like in our personal lives where we practice good hygiene to ward off illness, it’s vital to practice good IT hygiene with IT assets and information. IT hygiene practices can help block avenues for exploitation and prevent major security problems.
6. Creating secure and resilient networks
With WiFi, cloud, and other developments in technology, network security has become increasingly more complex. In this video, Beth discusses why organizations must secure only their network perimeter. Just as important, she discusses why organizations must also look inside their network to control, manage, and protect the network, users, systems, and applications.
7. Securing the complexity of cloud and virtualization
Cloud offers many benefits to organizations and is growing rapidly. Even in our personal lives, many of us are using the cloud today. In this video, Beth emphasizes the importance of organizations working with their cloud providers to understand the security programs already in place, and of utilizing a move to cloud as an opportunity to assess the security needs. Beth discusses how to build the organization’s cloud environment with a balanced, effective security program.
8. Managing third-party compliance
In today’s business world, organizations connect their networks to third parties like clients, suppliers, and business partners. This naturally creates a security risk. In this video, Beth shares the importance of addressing the connection to third parties as a shared risk, and building a partnership between key parties that clearly understand that risk. This shared risk must be identified and managed as part of the security program.
9. Ensuring data security and privacy
Information is the new world currency. It’s critical for companies to take not only a network-centric approach to security, but a data-centric approach as well. Cyber criminals steal data because, for them, data means real money. In this video, Beth discusses the importance of understanding what specific data is valuable to the organization, where it resides, and who can access it. She also discusses the importance of developing a comprehensive program to protect it.
10. Managing the digital identity lifecycle compliance
Everyone wants to access everything from everywhere. Cloud and mobile have further complicated access management and must be considered to create a comprehensive security strategy around access management. In this video, Beth emphasizes the importance of an ongoing access management plan as part of the overall security strategy.