
Narrated – Session 3: Wednesday, March 25, 2015.

ANALYSIS ID | BEFORE PLAN | PERCENT IMPROVEMENT | NEW VALUE

Quality Management worksheet completed for this element? (check box)

Employees

Categorize and identify encryption requirements for employees based on organizational roles.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Address any specific encryption requirements that are driven by the need to allow group collaboration on information.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Educate employees on the importance of remembering and protecting keys and passwords used to protect keys.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Customers

Identify customer information that is particularly sensitive to the company or considered private for an individual as candidates for encryption.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Develop an encryption plan for sensitive and private customer information.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Owners

Consider encryption as a means for protecting corporate assets and drive requirements accordingly.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Worksheet 3.12 Business Worksheet for Encryption. (continued)

Identify any laws in your country or multinational laws, if applicable to your company, relating to the import, export, or use of encryption.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Specifically consider the need to encrypt sensitive financial information that is considered company confidential.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Suppliers and Partners

Identify information exchanged with suppliers that may have hidden value to competitors. Consider encryption needs.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Consider the use of encryption with partners as one way to drive home the importance of protecting intellectual property.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Information

Consider encryption needs from the perspective of information and not networks, applications, and servers.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

Infrastructure

Take the inverse view and look at encryption needs for infrastructure and not information.

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

What new infrastructure components are needed to implement encryption per your requirements?

______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________

BUSINESSPEOPLE: CUSTOMERS

Protect private customer information held by your organization. One common method to achieve this is through encryption.

BUSINESSPEOPLE: OWNERS

Help owners to protect corporate assets, operate in accordance with the law, and manage public perception. Encryption of anything relating to assets, such as intellectual property and financial matters, is of particular importance to owners.

BUSINESSPEOPLE: SUPPLIERS

Consider integrating important suppliers into your encryption plan where practical. You may need to exchange information privately with your suppliers, such as those providing high-volume raw materials to your organization. Keep in mind that information about your organization’s buying habits can be of great value to those gathering information about your company. They may be able to predict how well your company is doing and thus affect, in some negative way, for example, the value of your stock. Or they may be able to predict your next big product or service. What you buy says quite a bit about what you are planning and where you are at. This is an often overlooked area of security.

BUSINESSPEOPLE: PARTNERS

Encourage the concept of security and property with your partners. One way to do this is to drive them toward implementing security mechanisms around any sensitive information you exchange with them. One of the biggest security holes in organizations is created through partnerships because most organizations don’t have any requirements for how partners protect their sensitive information, other than through the signing of a nondisclosure agreement or other partnership agreement that highlights legal requirements but says nothing about operational and procedural expectations—other than that “something should be done.”

BUSINESS: INFORMATION

Identify high-impact information that needs to be encrypted. Organize information according to business functions in your organization, such as accounting, human resources, product management, and so forth.

BUSINESS: INFRASTRUCTURE

Determine how your infrastructure is affected and what new requirements exist to implement your security plan. Performance, key management, reliability, security of key management components, quality of encryption implementation, and operational interfaces are all fundamental aspects of your encryption plan.

Selling Security

Use Worksheet 3.13 here.

EXECUTIVES

Draw comparisons. Referencing your impact analysis, give examples of existing company information routinely sent and/or stored in the clear (unencrypted) today. Demonstrate how easily it can be compromised. Associate a cost with that loss. Describe how a sound encryption plan reduces potential impact. Show a path toward increased savings and efficiency by allowing transactions conducted manually today to be implemented electronically in the future.

MIDDLE MANAGEMENT

Give specific examples of how encryption is integrated into the workflow process, either transparently or overtly by employees and management. Help managers understand any productivity impact from encryption, then point out the benefits, such as the ability to conduct sensitive transactions electronically that are done by hand today. Staff members may be required to play a role in key storage and management, as would be the case if, for example, they needed to carry a key with them on a smart card or floppy disk. If so, then managers need to be aware of this so they can factor in any required training and support.

STAFF

Spell out exactly what they need to know about encryption and/or where they actively need to engage it. In the event that employees need to be aware of encryption at all, such as if they are required to carry a smart card, then they need to be sold on the value of encryption in a manner similar to middle management: Communicate the value of the decreased impact and the potential for the automation of future tasks that are today performed manually due to electronic security concerns. Prepare staff for any training, policies, and procedures they may need to be aware of if they must manage keys.

Worksheet 3.13 Selling Security Worksheet for Encryption.

Selling Security Worksheet for Encryption