IT Security Resellers inside the Organisation Critical Information Asset Framework Initiatives

By Umesh Parshetye, Chief Technology Officer, ASK Investment

Digital Transformation

The way organizations operate and interact with each other has changed drastically with the advent of the digital revolution. Over the years, the impact of technology has been profound in financial services, where firms are seeking to maintain competitive advantage, gain market share and satisfy evolving customer demands. Businesses around the globe are pursuing digital transformation, and India is catching up due to Government policies. A shift from the traditional business model to a real-time, online, customer-centric digital model has led to high customer expectations, delivered through various real-time digital channels.

Understanding Critical Information Assets

The organization should recognize that information is a critical asset and has to be managed, controlled and protected from unauthorized use, disclosure, modification, damage and loss. Additionally, information assets must be available when needed, particularly during emergencies and times of crisis. The organization has to develop or enforce guidelines to reduce the risks commonly associated with heterogeneous computing environments. It should set priorities on how the organization can efficiently and effectively address the management, control and protection of its information assets.

The Cyber Security Office utilizes a methodology that establishes cyber security requirements based on risk assessments. Once risk is determined, the mitigation controls are identified and resourced. Security management, compliance, cloud security and system security are all impacted when a cyber breach occurs. Any cyber security breach is directly related to financial loss for a company due to information, reputation, operational, legal and opportunity loss. Organizations can reduce the risks to their business by building up capabilities in three critical areas: prevention, detection and response.

• Prevention: installing fundamental measures, including placing responsibility for dealing with cyber crime within the organization and developing awareness training for key staff.

• Detection: detecting strange patterns in data traffic through monitoring of critical events and incidents and data mining.

• Response: during an attack, the organization should be able to directly deactivate all technology affected. When developing a response and recovery plan, an organization should perceive cyber security as a continuous improvement process and not as a one-off solution.

Management Role in Cyber Security

Ensuring that the enterprise is sufficiently protected and prepared to deal with a security breach is a vital board duty, making cyber security a practical extension of the board’s responsibilities. It is vital for all board members, regardless of technical background, to participate in ensuring the right policies and practices. Senior management should focus on “strategy, policy, and management oversight” that covers everyone from office staff to CXO-level executives, training them on cyber security and the organisation’s risk management plan.

Key Initiatives for Cyber Security Framework

Develop Security Policy and Guidelines Framework

Develop and launch a suite of cyber security policies and guidelines based on the ISO/IEC 27001 code for information security and supported with COBIT, ISO 22301 and ISO 20001 standards. These frameworks and certifications will formally establish the organization’s cyber security program and set forth employee responsibility for information protection. The key benefits are:

• Clear security baselines for all departments

• Policy based foundation to measure results

• Consistent application of security controls across the enterprise

Identity and Access Management

A flexible Identity and Access Management system is capable of managing the vast heterogeneity of the business, providing authentication and authorization services to enterprise and departmental IT solutions. The key benefits are:

• Better security through uniform and repeatable access control processes

• Reduced potential for security breaches and fines due to non-compliance

Network and System Security Architecture

A tiered security architecture provides the ability to separate resources based on their data, business criticality and function. The key benefits are:

• Improved security by applying technical safeguards that enforce policies

• Ability to determine high risk areas and focus security resources

Cyber Security Awareness Training

Cyber security awareness training serves to inform employees of their responsibilities for protecting the information in their care. To further engage the user community, the security office has to work to develop a variety of information-sharing forums, including electronic and live mediums.
