Search in ISMS Guides


Saturday, August 4, 2007

Manage your Information Security

Felix Mohan, CEO - SecureSynergy

A comprehensive information security strategy provides the vision to deliver a secure information environment. It enables organisations to integrate information security with business strategy and planning, and defines the framework through which organisational information risks can be securely managed.

A well-designed security strategy aims at leveraging best information security practices to improve business performance. People, processes and technology are the core elements of the strategy. The security strategy aligns these elements with one another and with the business needs in a manner that can assure a secure information environment and provide competitive advantages.

To manage your Information Security:

Understand clearly that information security is first and foremost a business problem, which requires being resolved like any other business uncertainty - in terms of risk management.

Know that information security cannot be achieved through technology alone; and though security solutions have a technological component, the larger part (almost 80%) relates to managing people and process uncertainties.

Understand clearly that information security is largely a people issue and that people are the weakest link in the security chain - their awareness can make or break the organisation's investment in security technology and processes.

Understand that information security, like any other business process, is effective only when based on reliable information and a sound strategic plan. The plan has to be developed using the right standards, policies and technologies and communicated to each person in the enterprise.

Make sure that you have an ongoing monitoring process to see that the security plan and solutions evolve to meet changing business needs.

Acknowledge that security threats and breaches can seriously undermine share price and stakeholder confidence, and can result in significant financial losses.

Effectively demonstrate the value of information security in business terms to the Board and top management, and communicate a clear business case for investments in security.

Know that the key element of governance is monitoring performance, and a prerequisite to monitoring is measurement of security goals, policies, compliance, spending, and ROI.

Be fully aware of the powerful effect of information security on business strategy, and take an enterprise-wide view by collaborating with other business heads in planning and devising security budgets, plans, and strategies that can benefit the company as a whole.

Keep your security strategy in step with your business strategy and changing security environment.

Look beyond your immediate organisational boundaries to the extended enterprise, and understand its contribution to achieving effective and enabling information security.

No comments: