
Porus Mancher Mehta

"Managing Information Security Is A Layered Approach Of Putting Policies, Procedures And Technical Mechanisms In Place To Protect Businesses"


Maximizing the cost efficiency for information security
Information is a critical asset in the operations of any business. Data and privacy compromises make the news today; a security breach that puts your name in the headlines can not only damage your reputation and your credit rating, but can also leave you exposed to lawsuits and even bankruptcy.

Managing information security is a layered approach of putting policies, procedures and technical mechanisms in place to protect against, detect and correct problems before they threaten your business.

Policies and procedures should be rolled out on an enterprise portal to ensure that every employee is made aware of information security. The portal can be built using any of the many open source tools available, which will not significantly affect capital expenditure or operational expenditure.

Today's servers are significantly powerful, and it is advisable to virtualize them. Doing so not only optimizes the use of CPU hardware but also saves on rack space and cooling, thereby going green.

Unified threat management (UTM) is a comprehensive solution that has recently emerged in the network security industry as a primary network gateway defense for organizations. However, because of problems in calculating the actual throughput and the wrong number of licenses being procured, these devices are degraded to performing like firewalls.

In large organizations, processes are often created and adhered to in silos, which creates issues within the organization. It is advisable to review and update the processes at least once a year and remove unnecessary bureaucracy. The effort spent by a few individuals and subject matter experts will ensure that the processes adhere to the organization's security needs and implementation.

Traffic congestion plays a vital role in the productivity of an employee. Organizations have recently started a concept of 'Work from Home.' Allowing and monitoring the work performed by employees from home should now gain prominence. Solutions such as Virtual Private Networks (VPNs) combined with strong two-factor authentication have been deployed in most organizations. Security solutions for accessing mail from a handheld or from a personal laptop or device have been deployed to ensure quick and productive responses.

Innovative solutions such as remote access and TelePresence are gaining importance. Solutions such as TelePresence allow meetings to be conducted by members sitting in different geographical locations. This reduces the time and cost of travel for senior management and employees.

The ISO 27001:2005 standard has multiple advantages in ensuring a secure and sustained solution to information security. Companies wanting to gain an advantage in this competitive world and to make information security one of their objectives should consider going in for this certification.

As a closing note, I would like to mention that return on investment does not need to be focused only on monetary gains, but should also consider the threats and vulnerabilities that have been addressed by implementing controls around people, process and technology.