-- Security is a Process not a Product --

The growth of the internet and increased inter-networking within organisations have meant that information systems are now much more vulnerable to attack, potentially from both within and outside the organisation. The rapid rate of technology change is emerging as one of the biggest threats to information security. Because technology changes processes rapidly, there is not enough time for organisations to develop effective responses to specific threats. As a result, many organisations are not effectively mitigating their security risks, and others have simply lost sight of their security objectives because of the sheer complexity of the technology involved. The threats keep coming, systems evolve, and people want to do more over networks. For organisations, this can result in lost income, additional expenses and fines, or the erosion of trust and IT control over time. Network monitoring tools that identify technical attack points or vulnerabilities help identify technical issues. However, people and processes can compromise technical controls through accidental or intentional misuse, putting an entire organisation's information and networks at risk.

There is simply no magic bullet to cure the ills of corporate security, given the increase in potential threats from worms, viruses, hackers, and employees, and the demand for open system architecture to support e-business.
We need to understand that no one technology or methodology will address all the security needs of any organization. Effectively safeguarding data and assets requires a holistic approach that embraces all aspects of security, including systems architecture, policies, procedures, and user education.
Holistic security is as much about getting the entire organization to embrace a security state of mind as it is about deploying the right solution.
A holistic approach to information security requires identification of vulnerabilities and threats that are most likely to occur, quantification of the potential harm to your business, and development of mitigation efforts to achieve an acceptable risk level. This is not simply about managing a device, pushing a rule change or correcting a patch level. It requires determining which assets to patch first, what controls to implement, whether or not patching occurred, and what effect remediation efforts will have on overall risk exposure. Regular assessment and continuous monitoring help ensure that mitigation has occurred, and help identify new threats. As requirements and systems change, security professionals make tradeoffs to achieve an acceptable level of risk without compromising data availability, confidentiality, and integrity. A holistic approach with an effective risk management program enables organisations to manage the evolution of their information security systems.

At ISecurity we take a holistic approach when assisting organisations to implement information security solutions.