For the past six years Telus and the University of Toronto’s Rotman School of Management have collaborated on an IT Security Study of Canadian organizations. The 2014 report tries to find links between organizations following best IT security practices and their success in mitigating risk. But what does it mean to be what they call a security responsible enterprise? They follow these seven steps. See if your organization qualifies. Images from Shutterstock.

Eyes on the ball

They monitor and/or have rigorous procedures to act on new threat information

SLIDE wall of monitors SHUTTERSTOCK

Business focus

Understand the security drivers impacting their business


Train, train, train
Conduct regular security awareness training for employees


Security from the start

Involve security early and throughout the development of new infrastructure/systems


Cover social media

Communicate social media policies to their employees

SLIDE social media SHUTTER

Don’t forget mobile

Have or execute on a comprehensive mobile security strategy

SLIDE mobile security SHUTTERSTOCK

Test, test, test

Conduct enterprise mobility security testing and Threat Risk Assessments (TRA)

SLIDE security testing SHUTTERSTOCK

Previous articleTop nine ways to write safer software
Next articleTop 10 security threat patterns
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]