Tuesday, September 15, 2009


In the good old days, security meant a guard with a gun or a well trained Doberman that refused food from strangers. Now, we have hacking, phishing, identity theft, viruses, spyware, adware and a host of other malicious attack techniques. Over and above this, an aspect of security that is generally not considered as deeply, there exists the possibility of problems and issues occurring simply due to non-intentional, non-malicious errors. An example of this might be that due to a bug in the code, sensitive client’s information is available to view by everybody. This wasn’t a deliberate move on the programmer’s part but simply an error in the code. However, the net result was a compromise in the security level of the application.

The solution to security issues is, of course, a well defined and implemented security management process. The cornerstone of the security management process is the overall security policy for the organization. The Service Level Agreements of each service should also include security requirements that can then be individually addressed.

Security activities can be divided into the following steps:

  • Planning

  • Implementing

  • Evaluating

  • Maintaining

  • Reporting

  • Controlling

Security activities can also be broken down into the following types:

  • Preventative – such as firewalls, login requirements, ID cards etc.

  • Reductive – backups and testing etc.

  • Detection – Antivirus and antispyware software, network intrusion monitoring etc.

  • Repression – Blocked login after 3 failed login attempts, card retention after failed pin entry etc.

  • Correction – restoring backups, removing viruses that have entered the system etc.

Therefore, it is clear that a lot of thought and work must be devoted to security in order to maintain the security requirements that are considered part and parcel of any product or service nowadays. Security must be a consideration right from the very beginning when a service is being conceived at the strategy stage and should be designed into the service. Too often, very superficial security considerations are made in the beginning which results in inadequate security of the final product. Organizations must now consider security as important and significant as any other aspect of their organization’s functioning.

No comments:

Post a Comment