Determine where your business is at risk, develop policies that match up with your needs and goals, and then see if technology can be used to assist in policy enforcement. Edmund Burke said, "All that is necessary for the triumph of evil is that good men do nothing." So do something to get started. This is the only way you can ensure that your IT and security dollars are being spent wisely. You and management might be pleasantly surprised that a ton of money does not have to be spent to attain reasonable information security. That’s a pretty good way to start off the New Year if you ask me.
Kevin Beaver is an independent information security consultant, author, keynote speaker and expert witness with Atlanta-based Principle Logic LLC, where he specializes in performing independent information security assessments in support of risk management and compliance. He has authored/co-authored seven books on information security including the brand new “Hacking for Dummies, 3rd edition” and “The Practical Guide to HIPAA Privacy and Security Compliance”. He is also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin and link to his blog and Twitter account at his Web site www.principlelogic.com.