Information Security is a process, not a product. Security products such as anti-virus scanners, or firewalls, provide protection, but it is essential to put processes in place to leverage their capabilities, and ensure they are being used effectively by providing security awareness training for your staff.

Your aim should be to reduce your risk of exposure. This is a continuous activity as, unfortunately, there's no such thing as perfect security. Interestingly, that's not necessarily a problem, as security doesn't have to be perfect, but the risks do have to be manageable. Security processes define how you avoid risk. Just as you use the processes of bookkeeping and external audits to secure your financial records, you need to use a series of security processes to protect your IT infrastructure and assets.

These processes are not a replacement for security products, but they do help mitigate the risks. Security processes are necessary to recover from a compromise and stay in business.

Taking information security seriously is no longer an option. If you have personnel, or client confidential information, on your network, it is even more important to secure it. Since the implementation of the Data Protection Act, it is the responsibility of the MD and Network manager to ensure that any such data is kept safe and secure. They could be liable to a fine, and in some circumstances imprisonment, if they are found to have neglected this.

Cobweb Applications can help you get to grips with your information security, and put you in a position of knowing what your risks are, and how you are protected against them.