IT Security Concepts in plain English

  |   Technology   |   5 Comments
IT Security Portfolio

 

I have always pretended to be a technologist, while I hardly understand anything technical. Honest confession. However, in the past couple of years, I realized that this is rather a strength than a weakness. I am sure, most of us reading this article are also in my league. We all are good in relating technology to our businesses and make good use of it.

 

I have always adopted technology in my own organization prior to consulting other enterprises or my esteemed clients. Couple of years back, my organization faced a threat in Information Security, and as human nature, only then did we realize the importance and the vulnerability of our systems. Even if it were as simple as an email system, we realized that we could have compromised on its confidentiality. Furthermore, for un-automated organizations, large amounts of confidential information floats in mails and people realize their importance only in a threat situation. Identifying the importance of information is the first step towards fortifying it.

 

As COBIT 5 for Information Security states, “Information is a key resource for all enterprises and, from the time information is created to the moment it is destroyed, technology plays a significant role. Technology is increasingly advanced and has become pervasive in enterprises and the social, public and business environments.”

 

As organizations start automating their key processes, this information moves from an unstructured email communication to a more structured repository. While automation helps in reducing manual labor and thereby operational costs, it also throws open a security issue. While earlier, securing the simple email services would have sufficed, now the organization will have to secure their applications as well. The second step is in identifying in what different ways is the information vulnerable. Without knowing this we will not be able to arrive at any security solution.

 

The various layers in which your information security can be breached are:

  1. User Authentication Level
  2. At an Access and Privilege Granted Level
  3. At an Infrastructure Level
  4. At Database Level
  5. At Application Level

For many industries, a regulatory body provides comprehensive security guidelines. Take a Bank for an example, which can follow guidelines from its Central Bank, PCI and more. However, not all industry verticals have the convenience of a regulator or a guidance body, in which case, they themselves need to understand their vulnerabilities and appoint consultants to rectify them. Many times, hiring an external IT Auditor, may also provide at a small price, a very comprehensive Security report. This can become the template in fortifying your Information.

 

I will, in my successive posts, delve deeper in the 5 different layers of security.

The following two tabs change content below.

Palash Bagchi

Executive Director at STPL Global
Palash is an experienced business leader with exposure to industries of Civil and Construction, Education, Information Technology, Banking and Financial Services, Telecommunications, and Energy & Utility. He has been engaged with the world's top organizations and imbibed skills of process standardization, global risk management, sales and marketing, and alliance management. Palash is experienced in various emerging markets including Africa, South Asia and South East Asia and has lived and operated in these geographies. He holds a Bachelors Degree in Civil Engineering and has studied Finance from IIM, Calcutta. He provides strategic direction to his organization and is instrumental in creating the operating ecosystem.

Latest posts by Palash Bagchi (see all)

5 Comments
  • Fear of the Unknown-IT Security Level 1 - STPL Global | Feb 8, 2014 at 4:46 PM

    […] Palash Bagchi   |   Technology   |   No comment Note: Recommended reading a prelude to this chapter, IT Security Concepts in plain English, click here  […]

  • Anonymous | Feb 23, 2014 at 9:56 AM

    Hey There. I found your blog the usage of msn. That is a very neatly written article. I’ll be sure to bookmark it and come back to read extra of your useful information. Thank you for the post. I’ll certainly comeback.
    [url=http://www.madoku.com/]nike

  • Anonymous | Feb 23, 2014 at 12:37 PM

    Hiya very cool website!! Guy .. Excellent .. Amazing .. I’ll bookmark your website and take the feeds additionally?I’m satisfied to search out a lot of helpful information right here within the put up, we’d like develop more techniques on this regard, thanks for sharing. . . . . .
    [url=http://www.azeroths.com]

  • Anonymous | Feb 24, 2014 at 9:25 AM

    You recognize therefore significantly when it comes to this matter, made me personally consider it from a lot of varied angles. Its like men and women are not fascinated unless it’s one thing to do with Woman gaga! Your individual stuffs excellent. All the time care for it up!
    [url=http://monclershop.allshop.jp]

  • Cecilia | Mar 3, 2014 at 6:58 PM

    If you would like to increase your familiarity simply keep visiting this web page and be
    updated with the most up-to-date information posted here.…I will be happy if you visit my blog and say something http://twitter-guide-1.blogspot.com/

website security