Archives ||  About Us ||  Advertise ||  Feedback ||  Subscribe-
Issue of April 2003 
 Home > Edit
 Print Friendly Page ||  Email this story

Security: Thinking beyond technology

How do most Indian companies define information security? As per Infrastructure Strategies 2002 (IS 2002), a nation-wide survey of IT decision makers and decision influencers, more than 50 percent of the respondents equate information security with just anti-virus or firewalls. The only exception to this is in the BFSI sector, where given the sensitive nature of financial data, security is considered paramount.

Most companies tend to lay too much emphasis on the technology aspect of security. True, technology is important and anti-virus and firewalls form a core component of information security, but there's lot more to security than just these two. To define a successful security strategy for your organization one needs to consider people and processes as well.

The people link
Information security in any organization is as secure as its weakest link. And people are the weakest link in the security chain. How often do you come across employees who write their login ID and password on piece of paper?

The solution is to create awareness among employees about their security responsibilities. They should be trained as and when there is a change in business process or technology, since both are closely interlinked.

Process issues
Processes are critical to defining a successful security strategy. In fact, security technology isn't worth much unless the processes are properly defined or implemented. Sadly, in many companies security processes are either immature or non-existent. IT managers consider security a one-off solutions-driven implementation.

Processes are a mix of security policies, audits, best practices, and understanding of regulatory and corporate issues. Companies should have a clearly defined framework for periodic assessment of security policy or audits.

The management angle
Finally, the success of any change initiative is directly related to the top management. Likewise, security change should start at the very top. The CEO, board of directors and executive management (including business heads) should be committed to incorporate the changes required to make the organization more secure. They should realize that security is a business issue and not just a technology one. The idea would be to make security an inseparable part of corporate culture.

Sandeep Ajgaonkar, Associate Editor

- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.