Introduction
Today is an era of cutthroat competition, and organizations need to conform to and comply with a number of regulatory and legal requirements. They are also bound to ensure data confidentiality, and securing information in an organization is an intricate, continuous process. Information security is a pressing need. In today's world, IT plays a major role in generating, accessing, processing, storing and transmitting sensitive information. A compromised, unsecured IT environment and statutory non-compliance will affect the ability of an organization's whole system to be competitive. Be it antiquated processes or legacy product lines, an enterprise faces a number of challenges in ensuring overall security while also complying with legal and regulatory requirements. Enterprises outsourcing services to external service providers face similar concerns. Information security standards like BS 7799 and regulations like SOX, HIPAA and SAS 70 stress implementing adequate controls to secure confidential and sensitive information wherever it exists. These regulations leverage best practices to ensure secure exchange, transmission and storage of sensitive information inside and outside the organization.

Infynita Competency

Security, compliance and consulting.
Technical business solutions.
Development of business solutions.
Integration with existing business solutions.

Challenges of Security and Compliance

Increasing burden of compliance requirements falling on IT departments.
Lack of insight into where vulnerabilities exist in the enterprise, and whether security risks are increasing or decreasing over time.
Failure to respond to the ever-growing list of new vulnerabilities due to flat IT security staffing.
Protecting corporate information (intellectual property, financial data, customer information) from external and internal threats.
Inability to proactively secure traveling systems, such as notebooks.

BENEFITS OF USING THE STANDARD

The Standard provides a set of high-level principles and objectives for information security together with associated statements of good practice. They can be used to improve the level of security in an organization in a number of ways. For example, an organization can use the Standard to:

Replace or augment their own standard for information security (many ISF Members use the Standard in this way)
Integrate parts of the Standard into their organization to complement and strengthen existing business processes
Assess their performance in information security (e.g. to verify that their current information security arrangements are complete and up-to-date)
Support security audits/reviews
Enhance security awareness programmes
Check compliance with industry standards
Provide authoritative reference material for particular initiatives

Implementing the Standard can help organizations to:

Move towards international best practice
Manage the breadth and depth of information risk
Build confidence in third parties that information security is being addressed in a professional manner
Reduce the likelihood of disruption from major incidents
Fight the growing threats of cyber crime
Comply with legal and regulatory requirements (e.g. ISO 17799)
Maintain business integrity

Keeping the business risks associated with information systems under control within an enterprise requires clear direction and commitment from the top, the allocation of adequate resources, effective arrangements for promoting good information security practice throughout the enterprise, and the establishment of a secure environment. A critical business application requires a more stringent set of security controls than any other application. By understanding the business impact of a loss of confidentiality, integrity or availability of information, it is possible to establish the level of criticality of an application. This provides a sound basis for identifying business risks and determining the level of protection required to keep risks within acceptable limits.