An immensely broad field, Information Security involves the design and testing of data which may be personal, internal or confidential, communicate via networks and the internet, should be secured and protected.
In this post, the main objective is to narrate one of the fundamental concepts of security that should be familiar with most security professionals: The CIA (Confidentiality, Integrity, and Availability) triad.
A simple but widely-accepted security model is the CIA triad; standing for Confidentiality, Integrity and Availability; three key principles which can be implemented in any kind of organization. This principle is applicable across the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet. If any one of the three is non-compliant, it may have serious consequences.
Let’s understand the importance of these three components (CIA).
5W-2H is a classical management tool usually used for process improvement, which helps in analyzing the problem/process in a holistic manner to suggest possible solutions. This approach brings in a 360 degree perspective, which doesn’t stop with implementation of a single or pointed solution but more of a continuous improvement concept to be used for improvisation. Let’s use this concept for information security, which when process improvised will lead to enhanced governance in place with technological aspects inevitably falling in line.
Consider the situation of Enterprise Vulnerability Management (EVM) to be implemented in an organization, and let’s see how this 5W-2H tool enables us to connect the dots and formulate a plan of action.
Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, is a partner with the Foreign & Commonwealth Office (FCO) of the UK Government and created the Chevening-TCS Scholarship on Cyber Policy for professionals in diverse fields from India. This is the world’s first cyber security and public policy fellowship programme.
This programme builds on considerable bilateral interaction at various levels between India and the UK on the subject of cyber security and is intended to develop expertise and skills in the areas of cyber security, information assurance and online governance challenges. The Chevening TCS Cyber Security Fellowship is a 12 week fully funded residential programme delivered at Cranfield University at the Defence Academy of the United Kingdom, Shrivenham.
Compliance is critical, necessary and not evil. Every organization wants to meet the compliance requirements and doing risk assessments, vulnerability management are key to achieve critical requirements.
Most of the times the organizations just see Vulnerability Management as another checkbox in pursue of compliance and forget or ignore many different aspects or they don’t have concrete foundations to carry out a well drilled and oiled Vulnerability Management process and the process complicates or fails mid-way. Our job is to make the process as smooth as possible and sometimes it is better to start at step 0.
Gone are the days when security was less important area for organizations. But with immense growth in various attacking and fraud techniques, organizational security has become the major concern. Now days companies are spending millions of dollars each year to keep their environment secure. Still no environment can be 100% secure, as intruders too are trying the latest hacking and attack methods. This is the reason why information security area is booming up and companies are ready to pay huge money to enterprise security services providers.