Bring "it crisis management" into the enterprise strategic planning
let's first look at a set of figures. According to the latest security report, the data leakage caused by internal reasons reached 46% in 2010, twice the previous year; A survey of 1600 users including the United States, Britain, Germany and Japan after the steel strand clamp package showed that viruses, Trojans, data theft malware and data leakage have become the top it issues of concern to enterprises, with 56% of enterprises concerned about data leakage; According to another survey, in China, at least 49% of enterprises had more than one data leak in 2010, and 38% of Chinese enterprises said that security incidents had brought economic losses -- various signs show that internal disclosure has become another focus of attention for enterprise information security after hacker attacks, from which the concept of "it crisis management" of enterprises was derived and included in the long-term strategic plan
the scope of "it crisis" is very large, ranging from natural and man-made disasters, to system crashes, attacks of viruses and Trojans, and even hackers' intrusion, artificial leakage of internal data, etc. Of course, natural and man-made disasters are inevitable, but internal factors are impossible to prevent. Therefore, more enterprises begin to incorporate "it crisis management", especially the artificially controllable crisis management, into the scope of enterprise strategic planning. At the same time, such as guofu'an security document management system (GFA EFS), security is beneficial to the development of the industry link access gate (GFA IPASS) Information security products such as identity and access security centralized management system (GFA IAM) to prevent internal intrusion and prevent data leakage also came into being
"it crisis management focuses on prevention." This is a sentence often emphasized by the expert team of China international e-commerce center of the Ministry of Commerce and guofu'an company to enterprise users. So, how to cut into "it crisis management"? We can start from "one idea", "two points" and "multiple measures"
first of all, we must embrace a premise idea: we are not afraid of innovation and change. Change is not necessarily destruction. Crisis can also form a turnaround. The focus of "crisis management" is to change before environmental change and adjust before environmental adjustment, so as to make enterprises in an invincible position
"two key points" means that "creating value" and "protecting value" are both important -- "preventing small things from happening" emphasizes the proper preservation of "value". It is true that the benefits of enterprises need to constantly "create value" to advance by leaps and bounds. However, while constantly striving for new value, we must always be vigilant to ensure that the existing achievements are not fatally damaged due to internal leaks and other reasons. This is the value brought by "information security" to enterprises. This "second point" is particularly important in Fortress departments and high-tech industries
"multiple measures" refers to the specific measures of "it crisis management", which need to be formulated according to the characteristics and needs of different enterprises. For example, in many practical cases, the power sector, education sector, financial industry, communication industry, etc., which have high internal security requirements, have adopted guofuan digital certificate (GFA CA) to build an authentication system, and even through the project solution of combining digital certificate (GFA CA) with secure link access gate (GFA IPASS), identity authentication is the first difficulty for enterprises, It also enables the transmission and access of information to be carried out through encrypted channels, which ultimately enables the safe implementation of bidding, office, e-commerce, value-added business level 3, toothed rod twists and turns: straightening or replacing toothed rod platform; Government departments, manufacturing industry, communication industry, financial centers, etc., which have high requirements for convenient internal office management and safety coefficient, have adopted the identity and access security centralized management system (GFA IAM), and a variety of authentication methods have guarded the internal "gate". The employee identity lifecycle management function can realize the behavior control of internal personnel, and effectively improve the overall information intensity and height of the enterprise; For government agencies, business fields, manufacturing, high-tech industries, etc., which have a lot of confidential documents, they often add and deploy guofuan security document management system (GFA EFS) to prevent the leakage of internal data. After deployment, unauthorized users provide "how to obtain a new type" household documents, which only display garbled codes, and copying, printing, transmission and other operations are carried out according to permissions; In addition, with the continuous warming of "cloud computing", the virtualized application system (GFA Vpass), which can stably and quickly realize mobile office and save the overall hardware cost of enterprises, has been warmly discussed and welcomed by users in media, government departments, communications and other major industries once it is listed
in fact, the concept of "it crisis management" is not "new", and "new" is highly implemented. No matter how bright the industry prospect and professional the business are, as long as there is data and human beings at the same time, the existence of "it crisis" will never be avoided. Many enterprise decision makers lament that it management "has no success or failure". We can only say that opportunities always come from forward-looking decisions, between crisis and turning point. It is time to choose authoritative and professional information solution providers, incorporate "it crisis management" into the enterprise strategic planning and focus on Cultivation and operation, so as to provide a long-term guarantee for the future development of the enterprise! (end)