Holistic Medicine

The Human Firewall Council advocates a systematic, holistic approach to information security management. What exactly does that mean? It means using a framework such as the ISO 17799 guideline, which maps out 10 critical areas to consider:

1. Security policyfor the development review, approval and implementation of security policies for the entire organization.
2. Organization of assets and resourcesfor organizing information security personnel, including advisers, steering committees and third-party access to the organizations IT resources.
3. Asset classification and controlfor the maintenance of asset inventories.
4. Personnel securityfor addressing personnel-related security issues, including procedures for recruitment and selection of personnel as well as definition of roles and responsibilities.
5. Physical and environmental securityfor preventing unauthorized access and damage to business facilities and equipment.
6. Communications and operations managementfor ensuring the optimum secure operation of information technologies.
7. Access controlfor controlling access to information technologies such as operating systems, networks and applications.
8. Systems development and maintenancefor developing security requirements during systems development, using encryption and digital signatures where needed and controlling source libraries.
9. Business continuity managementfor minimizing interruptions to business processes due to disasters and other similar events and for ensuring the recovery of business processes in a timely fashion after an interruption.
10. Compliancefor provisions that ensure compliance with laws, regulations and contracts.