Information Security and IT Standards
In recent articles, we have been discussing Information Technology (IT) in business management. This week we will discuss Information Security and IT Standards.
Computers and IT have become important parts of business operations, storing and circulating critical information between numerous business processes. Many business functions require the use of computer systems and networks, and businesses and computer networks are increasingly interconnected.
But how do you govern these systems and what standards do you choose? In other words, how much should you think about coordinating and securing the information that is so important to you and your business?
Information Security
Any information is susceptible to leakage or damage unless protected by a strong security system. Information stored in computers is no exception. With the high usage of computers, servers and many systems connected by layers of networks, security is one of the key challenges for IT professionals today. We hear so much about identity theft, virus infections or spyware hijacks. At various levels, all these activities put heavy burdens on your resources.
In order to preempt this threat and protect your information, you must have information security measures in place to maximize results. This means developing and implementing a set of controls through appropriate policies, procedures and processes. Besides meeting your organization’s goals and objectives, these controls should also be aligned with other business processes in your organization.
IT Governance
This is where the issue of IT governance comes in. The executive summary of COBIT, the Control Objectives for Information and related Technology, identifies IT governance as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.” In other words, IT governance is about balancing risk and return from your IT processes.
So how do you approach IT governance? Businesses can either create their own structures and frameworks, or adopt universally accepted “best practices” standards that have been tried, tested and improved by a large number of organizations and individuals. Implementing an IT quality standard has its own benefits.
“that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget disorder may come.” - Confucius
IT Standards
Two main IT standards available today are COBIT and ISO 17799.
Currently in its third edition, COBIT is a framework for managing IT risk. It was created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It consists of 34 high-level objectives covering 318 control objectives, categorized in four areas: planning and organization, acquisition and implementation, delivery and support, and monitoring.
The six elements of COBIT are documented in separate volumes and include management guidelines, control objectives, COBIT framework, executive summary, audit guidelines and an implementation toolset.
ISO 17799 was originally published in 2000 by the International Organization for Standardization, which reissued a revised version in June 2005. It is based on the British Standard BS 7799 and focuses on security, with the aim of helping organizations create effective security plans.
The ten main sections of ISO 17799 are: security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance.
Benefits of IT Standards
Adopting an IT standard, by itself, does not mean that your organization is 100% secure. However, compliance with these established standards goes a long way in demonstrating that you take security issues seriously. At the top level, four obvious benefits of IT standards stand out:
Completeness: Like any other internationally accepted standard, IT standards spare you from reinventing the wheel. Why spend the time and resource creating something that already exists and is proven to work?
Compliance: Using a widely regarded standard demonstrates that the organization practices industry norms and follows applicable laws and regulations.
Credibility: Having a standard in place reassures the company’s stakeholders, including customers, suppliers and employees, by demonstrating that your organization is committed to protecting valuable information.
Confidence: By minimizing risk of information leakage, IT standards lead to better knowledge management and more efficient use of your IT assets.
This week we have looked at how to govern these systems and what standards to choose in order to coordinate and secure the information that is so important to you and your business process management.
To learn more about improving and strengthening your processes, attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating order out of the chaos you are feeling at work, then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.
Call for information on having your own private in-house classes today.
This and more articles like this can be found at www.bizmanualz.com. This article may be reprinted freely as long as this resource box is left intact.