Archives ||  About Us ||  Advertise ||  Feedback ||  Subscribe-
Issue of November 2002 
 Home > Editorial
 Print Friendly Page ||  Email this story

Security policy - a vital ingredient

Information security in any organization is as secure as its weakest link. And understanding the importance of this 'mantra' is very crucial when it comes to framing a security policy. One may have the best security infrastructure money can buy, but in the absence of a well-defined and updated security policy, the business faces a threat.

Unfortunately, security policies often figure at the end of most CIOs' things-to-do list, when it actually is a vital ingredient. When the drafting of a policy is ultimately initiated, many do not know the kind of policy their organization needs and the ways to develop the relevant guidelines.

Finally, once the policy is drafted, one still has to figure out ways to communicate it to users, and plan processes to enforce it. There is no standardized or sure-fire way of enforcing a security policy. This leaves lot of room for error.

Then there's the question of updating your security policy from time to time to fit the changing business conditions. How often should a CIO update the company's security policy? Once a year, or twice a year? Who should be involved in framing and updating the security policy? The CIO's suddenly short of answers.

CII-PWC survey
A recent CII-PWC IS Security Survey 2002-03 highlights the alarming state of security policy implementation in India. According to the survey, 68 percent of the respondents accorded a high priority to security, but surprisingly only 41 percent had a comprehensive security policy in place. A rather large chunk, about 47 percent of the respondents continue to operate without a security policy.

In this issue of Network Magazine we look at the 'Security Policy' scenario in India extensively. We talked to security management specialists in order to provide answers to a wide range of issues on creating, managing, and enforcing a security policy.

In due course of our research, one thing became quite clear: framing a security policy is not the sole responsibility of the CIO. The CEO, HR Head, and other business and operational heads will have to play a pivotal role in defining a security policy, since a CIO may not be fully aware of all the business and operational issues.

The Next windows
Windows .NET Sever, the next version of the popular Windows NT/2000 is bound to raise a gamut of upgrade issues for CIOs. We give you a sneak peek at this highly-anticipated OS and a look at three compelling reasons to upgrade.

Sandeep Ajgaonkar,
Associate Editor

- <Back to Top>-  

Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD