Manage your Information Security
Felix Mohan, CEO - SecureSynergy
Posted on 12 Oct 2004

A comprehensive information security strategy provides the vision to deliver a secure information environment. It enables organisations to integrate information security with business strategy and planning, and defines the framework through which organisational information risks can be securely managed.

A well-designed security strategy aims at leveraging best information security practices to improve business performance. People, processes and technology are the core elements of the strategy. The security strategy aligns these elements with one another and with the business needs in a manner that can assure a secure information environment and provide competitive advantages.

To manage your Information Security:

- Understand clearly that information security is first and foremost a business problem, which needs to be resolved like any other business uncertainty - in terms of risk management.
- Know that information security cannot be achieved through technology alone; though security solutions have a technological component, the larger part (almost 80%) relates to managing people and process uncertainties.
- Understand clearly that information security is largely a people issue and that people are the weakest link in the security chain - their awareness can make or break the organisation's investment in security technology and processes.
- Understand that information security, like any other business process, is effective only when based on reliable information and a sound strategic plan. The plan has to be developed using the right standards, policies and technologies and communicated to each person in the enterprise.
- Make sure that you have an ongoing monitoring process to see that the security plan and solutions evolve to meet changing business needs.
- Acknowledge that security threats and breaches can seriously undermine share price and stakeholder confidence, and can result in significant financial losses.
- Effectively demonstrate the value of information security in business terms to the Board and top management, and communicate a clear business case for investments in security.
- Know that the key element of governance is monitoring performance, and a prerequisite to monitoring is measurement of security goals, policies, compliance, spending, and ROI.
- Be fully aware of the powerful effect of information security on business strategy, and take an enterprise-wide view by collaborating with other business heads in planning and devising security budgets, plans, and strategies that can benefit the company as a whole.
- Keep your security strategy in step with your business strategy and the changing security environment.
- Look beyond your immediate organisational boundaries to the extended enterprise, and understand its contribution to achieving effective and enabling information security.

REPRINT INFORMATION
The above article may be reproduced in its entirety in any medium on the condition that the content remains unaltered (including author credit) and the following line is displayed prominently as a link: "Content courtesy: www.securesynergy.com".