Last week, I was in the middle of telling you about the eight steps you need to take to create an integrated business security framework, when I had to stop. I had just gotten through the first two steps - analysis of business needs and security infrastructure coordination. So let's pick up from there with Step 3.
Step 3. Determination of Risk Level
Determine the level of protection you must apply to each security issue - low/medium/high - based on the nature of your industry or business. Risk level will dictate solutions and applications.
Step 4. Application to Personnel
Many security breaches are the result of deliberate or careless acts or omissions of the individuals you employ. So, you must integrate proactive and preventive countermeasures into your personnel operations from hiring to firing. This will include:
- Well-written employee / contractor / subcontractor agreements;
- Confidentiality agreements;
- Identification of vulnerable position screening modalities; and
- Creation of education and information memos for employees.
Step 5. Application to Environmental/Physical Security
Identify the biological, chemical, physical and environmental hazards within the working environment. This generally involves measures such as completing workplace hazard audits and inspections and colour coding each security issue appropriately.
Step 6. Application to Hardware/Software
Storing and protecting business information on removable, non-removable or portable devices is essential for data integrity across the business network. Key devices include cell phones, computers, laptops, BlackBerries, pagers, USB data storage devices, floppy disks, external zip drives, offsite email and internet access, and wireless connections. Identify all modes of data storage/transportation across your company and address appropriate security needs for each.
Step 7. Controlling Access to Information
Define which employees in your organization will have access to which information. Determine what technological and administrative measures to use to monitor and enforce access controls within budgetary constraints. For example, consider use of ocular, fingerprint or voiceprint access mechanisms, which are becoming more affordable and thus more widespread. Other measures:
- Password and user name integrity - mandatory password change;
- Rules governing the downloading of files to work at home or overtime; and
- Information restrictions: who needs what and why - tier system initiation.
Step 8. Ensuring Compliance
This involves accomplishing what I call unified policy integration. It involves integrating practical measures to ensure compliance with legal requirements including in the following areas:
- Copyright and other forms of intellectual property;
- HR records management;
- Personal privacy; and
Hopefully, these guidelines will give your business not just the means of survival but a competitive edge. Best of all, they can help you create an appropriate information security network for your company no matter how big your company happens to be.
HISTORIC MOMENTS IN WORKPLACE SAFETY
The History of Hand Washing
By Greg MacDonald and Glenn Demby
For many of us, this is the time of year for holiday feasting. And just before we sit down for our Easter meal or Passover seder, we will be washing our hands - just like we do before every meal. In fact, washing hands is something most of us take for granted as just plain good hygiene. But did you ever wonder where the practice came from?
Human beings have been washing their hands for thousands of years. But acceptance of the practice took a long time. Here are some highlights from the history of hand washing:
- c. 1500 B.C.: The Old Testament describes a strict code of sanitation created by Moses for the Hebrews.
"Dr. Ignaz Semmelweis: Early practitioner of hand washing who proved the truth of the old saying 'No good deed goes unpunished'."
- 1100 AD: In one of the first references to the practice, the Egyptian physician Moses ben Maimon writes: "I dismount my animal, wash my hands, go forth to my patients." And: "Never forget to wash your hands after having touched a sick person."
- 1843: Harvard professor Dr. Oliver Wendell Holmes (father of the famous Supreme Court Justice) publishes an essay on proper hand hygiene for doctors. But his colleagues greet it with scorn.
- 1847: Dr. Ignaz Semmelweis requires the staff of his Vienna hospital to wash their hands in a mixture of chlorine and water before and after seeing patients. Patient mortality rates drop from 12 to 3 percent within six months. But the doctors complain, the practice is dropped and poor Dr. Semmelweis gets fired for his troubles.
- 1879: At a seminar at the Academy of Medicine in Paris on the high rate of deaths to mothers in childbirth, a man in the audience raises his hand and shouts in protest at the speaker: "The thing that kills women with [childbirth fever]... is you doctors that carry deadly microbes from sick women to healthy ones." The man is shouted down. His name: Louis Pasteur, inventor of pasteurization and the scientist who would help prove that germs cause disease.
- 1910: Dr. Josephine Baker starts a program to teach hygiene to child care providers in New York City. Thirty physicians send a petition to the Mayor protesting that the practice "is ruining the medical profession by... keeping babies well."
Greg MacDonald is Manager of Health and Safety for ATCO Frontec Corporation, a Canadian company that provides worldwide logistics, site support and facilities management services for clients in government, defence and