-
Assess your environment. What do you need to protect? What are you protecting against?
-
Understand priorities, budget, and available resources .
-
Perform a risk assessment and cost-benefit analysis.
-
Get management involved.
-
Set priorities for security.
-
Identify your security perimeter.
-
Develop a positive security policy. Circulate it to all users.
-
Ensure that authority is matched with responsibility.
-
Ensure that everything to be protected has an "owner."
-
Work to educate your users on good security practice.
-
Don't have different, less secure rules for top-level management.
-
Conduct a compliance audit.
-
Outsource when appropriate, but with great care.