Data Security Checkpoints You Might Be Missing

Information security is so much more than making sure firewalls and anti-virus are up to date. While these technical controls are important to your overall security plan, they do not tell the whole story.

We have focused recent blog posts on how a FISASCORE is a comprehensive measurement of risks to information security. Today we are going to dive into the specifics of what that means.

The FISASCORE assessment looks for vulnerabilities, weak points and deficiencies in your information security with the ultimate goal of protecting the confidentiality, integrity and availability of information.

What makes a FISASCORE security assessment comprehensive?

To be truly comprehensive, you need to look at more than just the technical aspects of security, which have to do with hardware and software. To look at the whole picture of your information security, there are really three types of controls to consider, and the FISASCORE assessment looks at all of them:

Technical Controls

Technical controls are what you probably picture first when reviewing information security. These have to do with your IT hardware and software and are divided into two sub-categories: internal and external.

Internal technical controls protect information within your network.

  • Firewalls
  • Intrusion prevention systems
  • Anti-virus software
  • Mobile Device Management (MDM)
  • Usernames/passwords
  • Security logs
  • Access controls
  • Data encryption

External technical controls protect outside access to your network.

Administrative Controls 

Administrative controls include organizational processes, policies and procedures and the humans behind them who choose, develop, implement and maintain security practices in your environment. People are the biggest weak points in your network, and the more you can educate them and give them standards to adhere to, the more secure your information will be. Administrative controls can include:

  • Policies, such as requirements to lock computer screens while unattended
  • Awareness training and education
  • Guidelines
  • Standards
  • Procedures, such as removing network access during employee offboarding
  • Appointed security officers
  • Internal audits
  • Business continuity plans
  • Reporting of security breaches

Physical Controls 

Physical controls have to do with your building security. Security measures are useless if your files or servers are physically stolen or destroyed. A FISASCORE assessment will look at physical controls, such as:

  • Locked doors
  • Camera surveillance
  • Alarm systems
  • Backups stored offsite
  • Employee ID badges
  • Locked file cabinets
  • Restriction of employee access to sensitive areas
  • Measures to prevent fire and flood damage

By assessing these different control areas with a FISASCORE, you not only get the most comprehensive look at your information security risk, you also get a comprehensive report and action plan to address any control areas that might be lacking. The size, complexity and function of your organization will determine the extent of the technical, physical and administrative controls you need, as will the type of IT infrastructure you have and your industry’s compliance requirements.

It is common for organizations to spend their budget and time on technical controls, while administrative and physical controls are lacking. This oversight can have dramatic impacts on your security posture. You do not have to be an IT expert to understand the value of each of these controls to your overall information security.

Joe Dashow

Joe has been part of the Loffler IT leadership team since 2015 and has a deep background in enterprise software with experience spanning the areas of Unified Communications, Workflow Automation, Contact Center, Collaboration and ERP/SCM/WFM. A little-known fact? Joe used to be the drummer in a blues band called the Electric Trane.
