Stage 1 is much the same for every organization: putting the basics in place and making sure they are working properly. Stage 2 starts to differentiate between organizations. Before taking on a wider range of security controls, organizations should stick with the same list of basic controls but work them harder to get the usagimum out of them, doing that in a way that starts to reflect the differences between individual organizations. There are two sets of questions that drive Stage 2. The first ask, “how much damage the organization believes it could realistically suffer if it had to face each of a number of serious security scenarios?” The second asks, “what level of security exposure does the organization face?” An organization’s answers to the first set of questions will enable it to decide which security measures to prioritize over others. Its answers to the second set of questions will show how high it needs to set its security bar.
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.