Blog Login

(Enter the numbers shown in the above image)




Security as a business model

            Every business has information that it needs to protect. Even public resources, such as libraries and schools, hold information which may be confidential or that they wish to protect from defacement. To this end there is a nee for security in the IT infrastructure. Unfortunately, with the advancement of hackers, worms, and botnets, the role of security has moved well past that of simple anti-virus software. Today, even the simplest organization needs to have a member of their IT team that can understand the fundamentals of security and what the appropriate safeguards are for the infrastructure. This is not to say that every company should have an elaborate IPS and SEIM structure with complete DLP and log management. But that someone should have the knowledge to assess what security is appropriate for the company and do manage that security. Whether it is keeping patches up to date or managing a complete security team, the need to protect the business and match the appropriate level of security to the business is fundamental to the success of the organization as every organization's dependence on technology pins their bottom line to one security breech.


Security as a resource

            As organizations grow and change their IT needs change. Security department are uniquely positioned to help best meet these needs. The security picture illustrates threats and vulnerabilities. It should show data resources and demands. This information will be essential in mapping a strong network architecture. Security teams are the best situated members of an IT organization to facilitate the discussion of resource demands and availability. Their knowledge of regulatory issues positions them well as business strategists available to help navigate the compliance process. Security as a discipline integrates with and supports all business functions.


Security as a discipline

            Security should be behind the scenes. Like most of IT, good security just happens. If you know it is happening then something is wrong. When it becomes a part of the routine culture and practice of an organization than security practices have been properly implemented. Web security should be affective without being intrusive. While users will know their drives are encrypted through a logon screen, it should not impact their working performance. Policy and compliance should be a business process built into design and development and life cycle management throughout the organization.

            When a security event does occur the well integrated and mature security process is able to respond: identifying, containing, and mitigating the event. A mature security program will have integrated throughout the organization, integrating every employee and every resource as a component to be used in the incident handling process. Security is education and support provided to bring an organization together as a unified business process.