IT Infrastructure Security
Information Security is the responsibility of every user in the organisation. Based on three principles, CIA looks good on paper, but practically it is a big challenge to maintain. There are two aspects to this question:
1) Hacking: here I would say that hackers cannot hack any system unless an insider is involved to provide information or access to an outsider. Hence one should have a good policy to support these kinds of incidents.
2) Data Loss: retention of data varies from organisation to organisation, and hence one should define a scalable backup solution based on the data requirement and its importance. A very important factor here is, in the event of a crash or data failure, what time frame the business can sustain and function, and how fast the data should be available to start the business once again. Based on these factors one should invest in data storage, keeping within the budget allotted for this.
My exercise is below.
Information Security is one of the fundamental activities at any organization and involves protecting assets, people, customers, vendors, reputation and business and political status.
Information security concerns with three aspects of information:
1. Confidentiality
2. Integrity
3. Availability
Information Security must be handled on several levels and endorsed by the Board of Directors. Information Security is the responsibility of each and every person in the organization, but ultimate responsibility resides with the CEO. Information Security includes several aspects:
- Policy, standards and procedures, which also include infrastructure and software baselines;
- Chief Information Security Officer (CISO) and his staff, who manage day-to-day security activities and assessments;
- Physical environment security;
- Infrastructure security, including network, hardware, communications etc.;
- Secure development and acquisitions, including security embedded in the SDLC;
- Communications security, including data loss prevention, intrusion detection, log analysis and antimalware measures;
- Cryptography and certificate management;
- Access security at all levels;
- Project management and personnel security;
- Security architecture and design;
- Data classification, handling and media sanitization;
- Disaster Recovery and Business Continuity;
- Security training, awareness and assurance programs.
Information Security must be handled by professionals specifically trained in this subject who have received official certifications like CISSP or ISO.