Some critical policies regarding a strong security program include but are not limited to Senior Management support, policy, budget, resources, and authority. From a business perspective we need support from all of these areas just to be able to make a security program happen in the first place. Once we have all of these areas covered, we can move on to the foundation of our security program. We should always be trying to lower risks to what policy deems an acceptable level. Our program should be cost effective and not hold up business production. Our program must always be measurable. If we come across data or some issue that we cannot measure in some way shape or form, then we have a security risk that needs addressed. Some ways we can mitigate our risks in security is to set up a RAID so that if one hard drive goes down, we can get the data from another drive. Cloud backups are another useful way to save data from being lost. Firewalls and encryption methods are also great ways to mitigate threats to security. The most important policy to implement is to have everyone be security minded. Knowing threats are there and having all members of the organization aware of simple things like two factor authentication and locking computers when not in use can go a long way.

-Jacob Mannon