For the past six years Telus and the University of Toronto’s Rotman School of Management have collaborated on an IT Security Study of Canadian organizations. The 2014 report tries to find links between organizations following best IT security practices and their success in mitigating risk. But what does it mean to be what they call a security responsible enterprise? They follow these seven steps. See if your organization qualifies. Images from Shutterstock.


Eyes on the ball

They monitor and/or have rigorous procedures to act on new threat information

SLIDE wall of monitors SHUTTERSTOCK


Business focus

Understand the security drivers impacting their business

SLIDE office SHUTTERSTOCK


Train, train, train
Conduct regular security awareness training for employees

SLIDE training SHUTTERSTOCK


Security from the start

Involve security early and throughout the development of new infrastructure/systems

SLIDE software code SHUTTERSTOCK


Cover social media

Communicate social media policies to their employees

SLIDE social media SHUTTER


Don’t forget mobile

Have or execute on a comprehensive mobile security strategy

SLIDE mobile security SHUTTERSTOCK


Test, test, test

Conduct enterprise mobility security testing and Threat Risk Assessments (TRA)

SLIDE security testing SHUTTERSTOCK



Previous articleTop nine ways to write safer software
Next articleTop 10 security threat patterns
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com