For every organization, information is the most vital part. Nowadays the most challenging job for every organization is information security. When we say information security, we mean information security on the Internet.
Nowadays productivity improvements and competitiveness are being driven by the networked enterprise: organizations connecting up, communicating and doing business in real time with customers, partners and suppliers wherever they are located. But at the same time, today's business environment is also characterized by risk and uncertainty. Customers, shareholders and partners are understandably placing a premium on businesses that are secure and protected. Every organization has to cope with daily threats such as virus attacks, basic human errors and security policy enforcement. Security should be designed to minimize and control the impact of human errors and to harness the power of leading products and technologies, but it must also be carefully crafted, integrated and underpinned by rigorous procedures.
An effective corporate security strategy will be judged on how well it protects the value-generating assets of one's organization, including people, information, processes, technology, systems, networks and buildings. Enterprises need to adopt wide-ranging policies and processes:
1) Strategic risk and vulnerability assessment across the enterprise.
2) Deployment of resilient IT and network infrastructure.
3) Contingency and recovery plans to minimize the impact of disruption.
4) Regular training, rehearsal and audit.
If one gets these elements right, one will be well on the way to reaping the benefits of running a secure and protected business. Deploying the right technical solutions is vital, but far from sufficient. In this area there is a great demand for skilled people to help in the event of a crisis, along with having the right policies and processes. This is the only way to ensure that risk is being properly managed.
Any work worth doing comes with challenges, and when we talk of security, challenges and threats are obviously present. A threat to security seriously hampers an organization in financial, social and technical respects. The challenges are:
1) Implementing security.
2) Maintaining it.
3) Taking decisions according to the organization's situation.
The most common challenges in implementing information security are:
speed of change and increasing sophistication of threats; employee awareness; internal availability of specialist skills; budget; availability of tools and security solutions; unclear roles and responsibilities (IT and business); senior business management support; lack of an information management strategy; and senior IT management support.
It is commonly understood that information security threats involve viruses and unauthorized access to information, or hacking, but these are not the only ones. In addition, the government and private intelligence communities and the policies of information security themselves pose major threats to information security.
The degree of risk is high in Aerospace & Defense, Electronics, Financial Services, Health Care and Information Services; medium in Pharmaceutical, Retail, Automotive, Chemical, Energy/Oil and Gas, Transportation and Wholesale; and low in Agriculture, Construction & Real Estate, Food, Beverages and Industrial Equipment.
Although there is no guarantee that any organization won't get hit, there are some key components that an information security manager has to take care of (role):
1) Identifying the risk. Determining the company's most critical information and assets, and spending time and energy protecting what's most important.
2) Getting the CEO involved. Good security has to start from the top, with executives who help create a corporate culture that values security.
3) Putting someone in charge. Security is a complex job, so make sure someone is in charge of coordinating security efforts.
4) Developing and implementing a security policy. Establishing guidelines for how the company handles and protects data.
5) Educating employees and raising awareness among them.
6) Having a security audit done. Hiring an independent third party to evaluate the security position and then applying the recommendations made by the auditor.
7) Incorporating physical security into the plan. The best security technology in the world won't do any good if a well-meaning employee allows the wrong person into the server room.
8) Remembering internal threats. Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge.
9) Deleting user accounts when employees quit or are let go.
10) Continuously updating and keeping track of new developments in information security, including new vulnerabilities and attacks.
11) Preparing for the worst. Creating an incident response plan to help you save time in the event of a security problem.
In working with both the private and public sectors, Unisys has created and deployed a Secure Commerce Blueprint across six different countries – Pakistan, Sri Lanka, China, Hong Kong, U.S., Brazil and Taiwan. The new Blueprint does more than just increase security. By integrating global supply chain networks, this blueprint offers greater real-time visibility and the ability to adapt and respond to all events, from a port strike or terrorist threat to a sudden market opportunity.
Information security professionals have to take care of:
Secure access to the workstation.
Secure access to the server.
Single sign-on: a) activating the electronic signature, b) activating data encryption.
Today many organizations demand an advanced level of security for the new business processes they are introducing to the workplace. There is a need for new advanced identification and authentication procedures that offer a high level of security appropriate for business processes and at the same time guarantee the highest user comfort, massive cost savings and security investment.
The challenging world of information security is open to anyone who is ready to update their knowledge at every moment.