Top tips for managing operational risk in a high-change environment
Stories by Simon Burson
What life is like working in information security
The overwhelming desire of most organisations to customise the 'cookie cutter' style services they consume can lead to their degradation. Could the employment of the “cloud” be the catalyst that leads to greater losses by adding another story to the house of cards?
It is commonplace for organisations to meet the technology needs by outsourcing IT to a specialist company.
The ideal information security environment is different depending on who you talk to. Your typical security engineer may say it must have firewalls, intrusion detection or any number of security focused technologies. Meanwhile a security tester may suggest that it is conducting penetration testing to provide assurances that security widgets are working well.
This article attempts to provide a usable checklist to ensure the foundation is in place for an organisation to be as secure as it can reasonably be, given that it is operating in its own unique enviroment.
The need to keep information secure is not a recent development. To satisfy this need, most organisations construct a list of security requirements based on common sense. This has proven fairly effective with simple and well understood media such as pen and paper. As information management (and its security) has become more complex in nature, the likelihood of a gap in that common sense list of requirements has increased.