With the advances of technology and the media hype surrounding security risks, one would assume that security would always remain at the top of Organizations' priority lists. Security assessments are conducted for our clients to provide them with a snapshot of their security postures, assessing their overall information security programme and corporate governance. The trends identified security specialists include the following: Technology is not enough Organizations' views on security are still primarily focused on hardware and software instead of implementing defence-in-depth strategies. IT departments authorise reactive short-term fixes without looking at the full context of any incidents, or they rely heavily on technology in lieu of programmes that include components of risk management, process, organisation and people. Organizations rely heavily on security perimeter technologies such as perimeter firewalls and VPNs, with much less focus on internal security. Perimeter technologies need to be expanded and the focus needs to be on internal security measures, such as Internal Segmentation, Intrusion Prevention, Vulnerability Management and Admission Control. Organizations are realising that in today's business environment, "an internal network is not much safer than an external network". Enterprises are required to provide more users with access to their network and information resources; they have to manage multiple levels of access to their information resources, based on the users' roles and responsibilities, whether it is for customers or business partners requiring access to information, or for mobile users requiring access to applications from outside the enterprise's walls, to name but a few. People and Organizations can have a big impact Few Organizations have incorporated internal security training and awareness programmes into their overall security strategy. Most end-users and business managers have not been made aware of the security risks of accessing the corporate network while working from home or on the move, and how this can impact the organisation. Organizations can implement as much security technology as they deem necessary, but without making the end-user aware of how their actions can pose a security risk, technology has a limited effect. Compliance does not equal security Organizations in general have yet to accept risk management and corporate governance as core to their overall security programmes and there is still a lot of work to be done involving top management. Traditionally, security has been left in the hands of the IT department. As such, top management is not really involved in the overall risk management plan of the organisation as it relates to IT security. There is a considerable lack of awareness among business managers regarding how security impacts the organisation. Most business managers also equate compliance with security, to the detriment of the organisation which is often the case. The Sarbanes-Oxley Act dictates that Organizations need to control access to their systems and also report on the users who have accessed the different systems. To enable this, security tools are required. This doesn't necessarily mean that the organisation is free from hackers, spyware and all other security issues. It just means that the organisation has the ability to check and identify users who access specific systems. Processes are key Companies in general demonstrate few efforts around security programme assurance, event logging, incident reporting and pro-active response activities. As such, many Organizations do not have an information security strategy that details processes to further ensure complete security. Some companies also implement the best security technology available on the market, without having the people or the skills to properly manage these tools, and to ensure that proper processes are followed. A practical example is where users make changes on the network. However, without a change management process in place, this may pose a security risk. While Organizations often increase spending on security technologies, the number of incidents continue to rise, which shows that a holistic and proactive approach to security is the best way forward.
Please Rate this Article 5 out of 54 out of 53 out of 52 out of 51 out of 5
Not yet Rated
