Monday, 29 June 2020

The information security architecture helps to compare the current state of security

Information security architecture is especially important in an unstable economic situation, when there is no longer money for everything you “want” and every project must be linked to the survival of the business in a crisis. Only a clearly built architecture allows you to stay on track and achieve your goals.

How do we help meet the business needs for information security (IS) now, and how will we do it in a year? For some enterprises, even five years is a very short time interval, since they tie their plans to the life of, for example, a turbine or a blast furnace, whose design life can be fifty years. Accounting for sufficiently long time periods is the key difference between good architecture and bad.

There are five main reasons why enterprises turn to information security architecture:

Fatigue from fighting the uncoordinated activities of the units involved in organizing IS: the IT department, the legal department, internal control, etc.
Growing dissatisfaction of users and management with the current state of information security at the enterprise.
It is time to consider the return on information security.
The ways of developing information security in the company are not understood. Priorities of projects and technologies are not defined.
The IS service wants to break free of the negative attitude towards it and of the narrow framework that confines it and prevents it from demonstrating its value to the business.

It can be seen that, as a rule, information security architecture is needed by large enterprises; in small businesses the problems described either do not exist or are not as acute. Large companies can do without architecture only in conditions of stability (which are not present now).

Here are some of the consequences of the lack of information security architecture:

Residual financing. If you don’t know where you are heading and how you influence the company's business, why invest in you?
Dissatisfaction of all layers of users with how confidential information and other types of secrets are protected, how users are protected when accessing the Internet, and how email is processed (read by IS personnel, or not reaching the addressee at all because it was classified as spam).
Potential claims by regulators, whose requirements are usually uncoordinated and contradictory. Everyone either rushes around trying to satisfy all the requirements, or turns a blind eye to them until the next inspection.
IS inefficiency in the enterprise due to neglect of certain aspects of its activity (for example, process control system developers connecting remotely over the Internet to provide support), which leads to unpleasant incidents.
Inconsistency or even direct opposition between various units, each of which has (usually informally) separate responsibilities for ensuring information security. The lack of a clear separation of areas of responsibility (which is usually prescribed in the architecture) leads either to each unit pulling the blanket over itself, or to reluctance to take on an “alien” front of work.

There is another example in favor of architecture. Manufacturers of technical products often claim that introducing a new product will immediately solve all the problems that have arisen. And since the problems described are quite real, the buyer believes it. In practice, huge amounts of money are spent on the new product, and the effectiveness of these investments is either not measured or is negative. Although being among the first sometimes means overtaking competitors, you should not recklessly buy technological innovations just because the manufacturer advertises them actively. The right architecture allows you to resist the seller's entreaties and take on only those projects that are aimed at achieving the goals of the enterprise, not those of the developer.
