Enterprise Information Security is receiving a lot of attention these days. Especially with the wide reach of media and Internet, Enterprise Information Security Incidents get maximum coverage in no time. Enterprises and government entities are under continuous attack and many of them have no clue on how to take this forward. These attacks range from website defacement to financial fraud to Internet worms and viruses. Ability to exploit the common software programs such as Java run time, Internet browsers and adobe reader etc… are increasing in an alarming way.
Being Information Security professionals working with enterprises and governments, how do we get this straight? The fastest way to progress in ensuring enterprise information security is by identifying the threats to the enterprise information security. Key areas to look for are:
How is that being currently protected? What security architecture would help further protection? Once we have this information, it gives an advantage on how to proceed further with the implementation or enhancement of enterprise information security.
The next would be to build an information security architecture based on the Defence in Depth principals. Key Components of Defence-in-Depth based security architecture includes:
- What is the business model and architecture of the organization?
- What is the information architecture? How does it change hands?
- What is the technology architecture?
These components can be split into multiple sectors like
- Compliance Management
- Risk Management
- Identity Management
- Authorization Management
- Accountability Management
- Availability Management
- Configuration Management
- Incident Management
The role of information security in the business world is increasing and has never been so important. Failure to ensure enterprise information security is more costly and /or more subject to public scrutiny. Your organization is compared with other organizations as to how secure are the other organizations than yours when there is a security incident, which leads to a brand reputation issue.
Every organization shall embrace the practices to ensure that the Enterprise Information Security is ensured. What are the challenges you have faced in implementing Enterprise Information Security?
- Administrative controls: Enterprise Information Security policies, procedures and other documentations.
- Physical Security controls: Physical Access controls to the information and information processing areas
- Technology control components: The IT Security controls needed for the implementation of enterprise information security