Channel: BOT24

New Year’s Resolutions for Cyber Security

January is often viewed as a chance to start fresh and to improve on the previous year by making modest resolutions that hopefully we keep throughout the year.

For credit unions, January presents an excellent opportunity to step back and consider ways to strengthen our overall security posture. Following that review, our New Year’s resolutions will no doubt include something beyond a promise to eat better and exercise more.

Perhaps a resolution to invest in security training, more effectively probe for vulnerabilities, or re-evaluate monitoring of critical IT systems?

The following ideas, based on situations we have encountered in our core processing service, should contribute to a brighter, more successful and secure year ahead.

Invest in Security Training

A major security takeaway from last year is the realization that great information security requires genuine enthusiasm and a strong, ongoing commitment to learning. Can you imagine a stagnant security effort protecting your credit union from threats? I can’t.

As a New Year’s resolution, consider expanding your security training to include all staff. Ask your senior management team to encourage training activities, and to ensure that the training is appropriate for the trainees. There are many flavors of security training – from awareness to deep system analysis. Here are a few recommendations:

For Everyone – Security Awareness Training

Far too often, human beings are the weakest link in our security chain. No wonder that security awareness training is a critical component of any successful security program. Training enables you to educate the entire staff about current issues – from phishing attacks to the importance of shredding sensitive documents.

It’s also a great opportunity to remind staff to treat sensitive information as if it were their own, and to educate them on the significant costs associated with security breaches. Everyone should walk away with a fresh appreciation for the importance of security to your organization.

For Security Staff

Security personnel should consider taking the General Security (GSEC) course and certification offered by the SANS Institute, the most trusted source for information security training and security certification in the world. The course covers the most important topics in information security, from defense-in-depth to Web application security. It’s a great foundation for addressing security challenges in a broad range of business situations.

For the Techies

Your technical staff should be enriching their skills with courses and certifications offered by the SANS Institute and International Council of E-Commerce Consultants (EC-Council). These courses dig into operating system security, network security and firewalls, incident handling, penetration testing, wireless security and much more. Consider using these certifications to build expertise where you need it most.

For Auditing Staff

Greater familiarity with information technology and security issues can only help your personnel involved in auditing and IT governance. Consider courses offered by ISACA (Information Systems Audit and Control Association), ISC2 and the SANS Institute. Certifications earned through these programs can strengthen your auditing capability.

Probe for Vulnerabilities

Read more: http://www.cutimes.com/2012/12/26/new-years-resolutions-for-cyber-security?ref=hp&utm_source=twitterfeed&utm_medium=twitter
