Protecting your information requires decisions at a level higher than IT—decisions by people with the authority and the spending power to back them up.
You need to appoint a Security Officer. It need not be a technically-trained person. Working with a team that includes HR, Finance and IT, your Security Officer’s job is to understand the security framework and make sure everyone is living by it.
The Security Officer can’t be a consultant. It has to be someone inside the company and high enough up to give direction to all departments.
If your company’s systems grow to a certain size and complexity, you will also need a Chief Information Security Officer (CISO) who is trained in both security and IT management. This job can be filled by a consultant, and because the mean salary for CISOs is over $200,000,¹ many companies use part-time consultants as “virtual” CISOs. BCSS can provide someone with long experience as a CISO to do it for you.
Never stop working on security
Security isn’t a solution you boot up and leave alone. Your people, your customers, your technology, laws, and the power and sophistication of cybercriminals are changing all the time, so your way of protecting your data has to change with them.
Security is not an end-point; it’s a process with three different phases that must be continually repeated: Assessment, Remediation, and Monitoring. BCSS can handle any one or all three of them for you.