Information system security (ISS): 9 best practices


The information system (IS) is an essential asset of every organization, so it must be protected against incidents and malfunctions. Information system security aims to ensure the proper functioning of an organization's hardware and software resources.

Information system security (ISS): what is it?

Information system security is an essential step in maintaining the continuity of business activities. It covers all the technical, human, organizational and even legal measures that enable the information system to withstand unforeseen events that could compromise its availability.

Information system security is not only the business of IT professionals; it also involves the business departments, particularly in defining security needs and implementing the necessary security measures.


9 tips to guarantee the security of the information system (ISS)

1- Adopt a strong password policy

The first protection to put in place is access control to workstations and files by identifier and password. The password used must be individual, never written down on any medium and, above all, difficult to guess.

One last tip: the password must contain at least 8 characters, mixing numbers, letters and special characters, and it should preferably be renewed frequently.
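The policy above can be enforced at password-change time. The checker below is an added example (not code from the original article or from TREAKOR) that applies the three stated rules, at least 8 characters mixing letters, digits and special characters, and approximates "difficult to guess" with a constructed blocklist and a check against the user's own identifier; the blocklist contents and the usernames are assumptions made up for the example.

```python
import string

MIN_LENGTH = 8  # minimum length stated in the article

# Constructed sample blocklist of guessable passwords; a real deployment
# would load a much larger list (e.g. a published breach corpus).
COMMON_PASSWORDS = {"password", "password1", "azerty123", "123456789", "admin2024"}


def check_password_policy(password: str, username: str = "") -> list[str]:
    """Return the rules the password violates; an empty list means it complies.

    Rules: at least MIN_LENGTH characters, a mix of letters, digits and
    special characters, and not easy to guess (not on the blocklist and
    not built from the user's own identifier).
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"fewer than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        failures.append("no letters")
    if not any(c.isdigit() for c in password):
        failures.append("no digits")
    if not any(c in string.punctuation for c in password):
        failures.append("no special characters")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        failures.append("in the common-password blocklist")
    # Identifiers of 3+ characters embedded in the password make it guessable.
    if username and len(username) >= 3 and username.lower() in lowered:
        failures.append("contains the user's identifier")
    return failures


def is_compliant(password: str, username: str = "") -> bool:
    """Convenience wrapper: True when no rule is violated."""
    return not check_password_policy(password, username)


if __name__ == "__main__":
    # Constructed sample accounts and candidate passwords.
    samples = [("amine", "amine2024!"), ("amine", "Tr3akor#Sec"), ("bob", "Password1")]
    for user, pw in samples:
        print(f"{user}/{pw!r}: {check_password_policy(pw, user) or 'OK'}")
```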

2- Secure workstations

Users must lock their workstation before leaving their desk. In addition, workstations must be configured to lock automatically after a period of inactivity (10 minutes at most).

3- Identify precisely who can access files

It is also necessary to limit access to private data to only those agents who need it to carry out their missions. When an agent is assigned to a new position, his superior must identify the files to which he needs access.

4- Ensure the confidentiality of data vis-à-vis subcontractors

In this context, Tunisian law requires a confidentiality clause to be included in every subcontract. It is therefore essential that work carried out by service providers on your information system offers guarantees of security and confidentiality and is performed in the presence of an IT department agent.

One last piece of advice: an information systems administrator does not necessarily need access to all of the organization's data.

5- Securing your local network

We generally protect our information system against external attacks. The first level of protection therefore consists of setting up dedicated security devices: firewalls, filtering routers, etc. E-mail must also be monitored with particular care. Connections between a company's remote sites must be made securely, over channels protected by a VPN (virtual private network) or similar technologies.

Finally, Internet access to administration tools requires strong security measures, in particular the use of protocols such as HTTPS and IPsec.

6- Securing physical access to your premises

Access to sensitive premises, in particular computer and network server rooms, must be subject to special security: locked doors, access by named badges, etc.

7- Anticipate the risks

The loss or disclosure of data can have various causes: theft of computers, employee errors, fire or water damage. Care must therefore be taken to keep all your data on storage media stored in a separate room. Servers hosting sensitive data must be equipped with a fault-tolerance mechanism, and a complete procedure must be documented for quickly restoring these servers in the event of a major disaster. Other media (computers, USB keys, etc.) must be secured by encryption, given the sensitivity of the data they may store. End-of-life equipment (computers, copiers, etc.) must be physically destroyed or have its hard drives purged before being discarded.

8- Make users aware of “IT risks”

The main security risk is human error. Employees and agents must therefore be made particularly aware, through training, of the various security risks associated with the use of databases.

9- Mention in a document the security policy of the information system

All the rules on the security of the IS must be set out in a standard document, the "IT charter", which is distributed to all the company's employees.

TREAKOR: a reference in information system security in Tunisia

Treakor, a reference in ISS (Information System Security) consulting and integration in Tunisia, is committed to analyzing your IS and providing the advice and solutions needed to raise its level of security, anticipate risks and, consequently, increase your company's productivity.

TREAKOR can act as MOA (project ownership), expressing the users' needs, or as MOE (project management), offering technical solutions to those needs.

Contact us!
