Sunday, July 10, 2011

The 4 pillars of IT security management

When we talk about IT security, we have to ensure that all of the following 4 areas are well covered and none is missed out:

  • Availability - information must be available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures.
  • Confidentiality - information must only be observed by or disclosed to those who have the right to know, and be well protected against unauthorized access and use.
  • Integrity - information must be complete, accurate and protected against unauthorized modification.
  • Authenticity - business transactions, as well as information exchanges between enterprises, or with partners, can be trusted.

Information Security Management must consider the following 4 perspectives:
  • Organizational – well defined security policies and staff awareness of these
  • Procedural – well defined procedures used to control security
  • Physical – controls used to protect any physical sites against security incidents
  • Technical – controls used to protect the IT infrastructure against security incidents
Does the IT security of your organization have all these in place?

