Make sure security be always part of IT
When we think of security ,we all think about security such as security products, security functions, control mechanism, privacy protection, implementation, maintenance, configuration, etc separately ,this causes many problems and adds up the overheads .
Information security can not exist alone without IT infrastructure, and it makes no sense when security runs away from IT. Security can neither affect the ratio of cost-benefit nor crease the complexity of IT. Security should help IT and be part of IT. The goal of security is to improve it and make IT safer ,stronger ,more flexible ,more productive as well. That’s the direction! But how? This is a good and general question, let’s drill down to the answer quickly.
From my point of view , actually based on my experience, perhaps the following ideas maybe help you when so-called headaches come up to you . That’s the ‘triangle sketch’(I name it for myself).
Firstly, please follow the ISO 27001 as the top security strategies which should be addressed in business perspective, furthermore these strategies should comply with the law and industry standards.
Secondly, you can deploy IT at the tactics-level referring to COBIT framework to ensure that the enterprise’s security operation sustains, supports, and extends the organization’s strategies and objectives.
At last, build the IT security infrastructure at a more detailed stage based on ITIL, conducting security to the plan, operation and process of IT structure.
Note that do not think of security beyond IT, they are one big family!
Recent Comments