Starting from the assumption that 100% guaranteed business security is a utopia, it is still worth remembering that there is no security without a "security policy": a strategic design that organizes confidentiality and IT integrity and manages every aspect related to them, from the technical level to business management, including the confidentiality and availability of data.
This means that a company that wants to protect its assets cannot treat IT security as a "one-time" project; it is a set of activities that take account, for example, of identifying critical areas, risk management, systems and networks, vulnerabilities and incidents, access control, privacy management and compliance, damage assessment, and so on. The definition of computer security must, first and foremost, include the availability and integrity of data, their confidentiality, and the information and permissions attached to them.
Here are the three aspects on which proper and adequate security management always focuses.
Availability of data, as the safeguarding of information assets through restricted access, usability and confidentiality of the data. From a security management point of view, this means reducing the risk of unauthorized access to information (intrusions, data theft, etc.) to acceptable levels.
Data integrity, as a guarantee that the information is not changed or deleted because of errors or deliberate actions, nor because of malfunctions or damage to the technology systems.
Computer security, as managing security in such a way as to mitigate the risks associated with accessing or using the information in an unauthorized manner.
Corporate IT Security: Starting with the awareness (of all)
Talking today about security management in a company means bringing attention to a "discipline" that encompasses various topics such as risk management, prevention of hostile initiatives, defense against threats and vulnerabilities, restoration of the damage suffered, and so on.
According to Symantec's 2010 Business Security Report, IT security risk now outranks traditional crime, natural disasters and terrorism as one of the major risks for large organizations. The report provides a comprehensive demonstration that today's organizations are operating in a state of continuous alert. The main cause is that they are undergoing more attacks than in the past (75% of all big companies have been hit by cybercrime over the past 12 months, and 41% find that these attacks were quite or very effective).
Moreover, there is no doubt that the consequences of these attacks are becoming more and more relevant. The report found that in 2009, 100% of the large companies surveyed suffered various types of cyberattack, such as customer information theft, operational disruption, intellectual property theft and theft of customers' credit card information, with cost implications (loss of productivity, revenue and customer confidence, and the lack of data required for operation).
Faced with this situation, it is surprising that a lack of security awareness is still a common element in many organizations. Research carried out by the IT Policy Compliance Group demonstrates that the main cause of negative outcomes in compliance checks within organizations is the lack of employee awareness.
In my opinion, the best thing to mitigate risks in general, and to ensure the confidentiality of data, is to make "security a habit," understood and accepted by everyone. For example, people who work with or collaborate with the company should be aware that even simple actions, such as browsing websites and clicking a URL or a link within an email, can put the company at risk.
Focus on data integrity
An important part of security management is data protection policy. To effectively protect IT integrity from internal and external threats, organizations must now adopt a risk-aware, proactive, content-aware operational security model that automates security procedures for data security on the one hand and for the availability of data on the other.
From a strategic point of view, managing security in general, and protecting information specifically, reducing the risk of violations means bringing attention to:
Infrastructure protection. Today, centralized visibility across all systems is required so that they can be effectively managed and protected against new threats. In short, this means fortifying all endpoints, protecting e-mail, defending critical internal servers, and securing data backup and recovery. It is necessary to create a secure environment that guarantees IT confidentiality and is quickly recoverable in the event of problems with endpoint, messaging and Web systems, and that can counter the current complex threats posed by malware, data loss and spam.
IT policy development and implementation. By classifying risks and defining business-level policies, organizations can enforce policies more effectively with integrated automation and workflow functions. Beyond identifying threats, workflow and automation let you remediate the incidents that occur or, better still, anticipate them.
Proactive protection of information. The traditional definition of computer security was aimed at protecting the network; to protect their information, organizations are now shifting their focus to the information itself. By focusing on the integrity of the data, you can understand where the information resides, who accesses it, how it is used and, above all, how to proactively prevent it from leaking. In this regard, reasoning in terms of security management means ensuring the highest level of risk reduction by automatically enforcing compliance with data security policies and allowing organizations to "govern and control" the behavior of staff.
System management. Security has to make life simpler through standardization, workflow and automation: simple things that can be put in place so that security software can concentrate on more important aspects such as patch management and compliance checks.
A unified and multilevel approach to ensure confidentiality and data availability
At present, data confidentiality is at greater risk than in the past. In part, the reason is that targeted attacks against corporate IT integrity and the development of malicious code have reached their highest historical level. For example, in 2009 Symantec identified more than 240 million new malicious programs, a 100% increase over 2008 (Symantec Internet Security Threat Report).
From a technological point of view, the trend in security management is toward integrated systems that enable comprehensive, unified and multilevel security management, with a particular focus on automating the detection of vulnerabilities and of deviations from critical application security policies across the enterprise. Adopting a unified approach with integrated technologies gives companies the following benefits:
Accuracy of information and of security controls, through increased corporate visibility by means of event tracking, event management, alert generation and reporting, and the management and control of security products (and their updates).
Simplified management, with significant savings in cost and time as well as increased productivity and administrative efficiency (through the optimization and automation of routine tasks).
In conclusion, talking about security management from a technical point of view today means integrating active technologies that automatically analyze the behavior of applications and network communications to detect and block suspicious activity, together with computer security controls that make it possible to stop specific activities of devices and applications considered high risk for the organization, while maintaining the confidentiality of the data. All of this is done from a single point of governance and control which, in turn, helps to reduce risk and provides greater visibility across the entire organization.
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)
Copyright 2013. John Giordani. All Rights Reserved.