Companies need to think about securing the business?not just the network?to protect information assets. Steve Hunt, vice president of research at Giga Information Group, suggests that IT departments should proactively beef-up their security staff. While one headcount or number does not fit all, Giga outlines seven areas that companies need to address to form their security strategy.Best PracticesEmploy hardware and software standards. This will ensure lower staffing requirements and achieve greater efficiency. Reducing the number of disparate operating systems and applications will lessen staffing requirements and streamline processes. Assess security functions quarterly. Define a set of metrics to measure progress and get a baseline assessment?then use these metrics to consistently evaluate progress. Select measurements that reflect a number of perspectives. Consider the customer view (awareness and communication), an operational view (technical support, policies), an innovation view (skills, education), learning view and a financial view (funding, audit).Security StaffingIt is important to devote an adequate number of employees to security within your organization, particularly in technical support.