Imperative for All Large, Small and Big Enterprises to Invest in Information Security
“What new technology does is create new opportunities to do a job that customers want done,” Tim O’Reilly famously said.
Often, a new technology comes with hidden challenges. In the world of information, we encounter mankind’s biggest challenge: information security. Businesses of all sizes face a dilemma: invest in digitization, or protect the security apparatus of their company’s digital assets.
Information security means making sure an organization’s data is safe from cyber attacks by both internal and external actors. It encompasses a body of technologies, processes, and policies used to protect networks, computers, and sensitive organization data from unauthorized access, leakage, or damage.
Organizations and their information systems and networks are exposed to security threats such as fraud, fire, and flood from a wide range of sources. The increasing number of security breaches has led to growing information security concerns among organizations worldwide. Achieving information security is a huge challenge for organizations because they cannot achieve it through technological means alone. It should never be implemented in a way that is out of line with the organization’s approach to risk, or in a way that undermines or creates difficulties for its business operations. Thus, there is a need to look at information security from a holistic perspective and to have an information security management methodology that protects information systematically.
ISO 27001:2013, the Information Security Management System (ISMS) standard, specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks.
The overall business risks of the organization are defined in terms of the following. In general terms, I would explain them as C (confidentiality), I (integrity), and A (availability):
•Confidentiality - ensuring that information is accessible only to those authorized to have access.
•Integrity - safeguarding the accuracy and completeness of information and processing methods.
•Availability - ensuring authorized users have access to information and assets when required.
Dale Carnegie said, “When dealing with people, remember you are not dealing with creatures of logic, you are dealing with creatures of emotion.”
Similarly, business leaders and managers have misconceptions about the information security of their companies. However many steps a company takes to protect its intellectual property, it is important to set aside the belief that it is impossible for someone to break into its data.
The IBM Cybersecurity Intelligence Report makes the following observations about information security incidents:
•37 percent of the incidents are due to intrusion by someone outside the organization without theft or loss.
•20 percent of the incidents are due to intrusion by someone within the organization without theft or loss.
•18 percent of the incidents or thefts are due to malicious software.
•15 percent of the incidents are on account of data loss or theft by someone within the organization.
•13 percent of the incidents take place because of data loss or theft by someone outside the organization.
•Other reasons account for only 4 percent of information security-related incidents.
To ensure better security of the organization, the information security team must carry out two basic audits: internal and external. During the internal audit, the organization assesses its own systems and data to determine whether they comply with its standards and policies. In the external audit, an external agency checks whether the organization complies with industry standards or government regulations.
Security audits will help protect critical data, identify security loopholes, create new security policies, and track the effectiveness of security strategies. Regular audits can help ensure employees stick to security practices and protocols and can catch new vulnerabilities. The goal is to identify any vulnerabilities that could result in a data breach.