The solution to security issues is, of course, a well-defined and implemented security management process. The cornerstone of the security management process is the overall security policy for the organization. The Service Level Agreements of each service should also include security requirements that can then be individually addressed.
Security activities can be divided into the following steps:
- Planning
- Implementing
- Evaluating
- Maintaining
- Reporting
- Controlling
Security activities can also be broken down into the following types:
- Preventative – such as firewalls, login requirements, ID cards etc.
- Reductive – backups and testing etc.
- Detection – antivirus and antispyware software, network intrusion monitoring etc.
- Repression – blocked login after 3 failed login attempts, card retention after failed PIN entry etc.
- Correction – restoring backups, removing viruses that have entered the system etc.
Therefore, it is clear that a lot of thought and work must be devoted to security in order to maintain the security requirements that are considered part and parcel of any product or service nowadays. Security must be a consideration right from the very beginning, when a service is being conceived at the strategy stage, and should be designed into the service. Too often, only very superficial security considerations are made at the beginning, which results in inadequate security in the final product. Organizations must now consider security to be as important and significant as any other aspect of their functioning.