Seven habits of highly secure companies

Companies, like the humans who make them run, are creatures of habit. Some of those habits can make information systems more secure, rather than less. There's no such thing as absolute security, of course. But the seven best practices of highly secure companies are a standard against which CEOs can measure their organizations. "If you can't afford the security, you can't afford the project," says Rosaleen Citron, CEO of Toronto-based security firm WhiteHat Inc., citing a well-known axiom in the information security industry. On the other hand, "most businesses, big or small, can't afford to defend everything," says Mary Kirwan, an independent security expert in Toronto. Indeed, they would impede their productive business activity if they tried.

An effective approach to information security involves making choices. Companies must compromise, deciding what are the most important assets that need to be protected and then deploying a proportionate level of security around them.

Read Full Story