Businesses today run on information. The proper use, availability and protection of information are essential to the business’ ability to operate uninterrupted. As the value and velocity of information in business has increased, so too has the complexity of managing and controlling it. This is particularly the case as government, banks and other finance organisations extend themselves to the web to drive new opportunities and reduce cost. The availability, integrity or breach of confidentiality of information is no longer a matter of disruption and inconvenience; suddenly a compromise can have destructive consequences on a serious scale.
With ever mounting pressures for better governance, through the adoption of associated best practices, as well as the growing emphasis on standards conformity coupled with the implicit requirements of legislation, the need to address Information Security has never been higher. That said; a correctly structured Information Security environment brings many cost, risk, and convenience benefits to an organisation, which by its implementation can also address the governance, legislative and standards obligations.
Investment in Information Security is frequently hindered by the openly acknowledged difficulty in demonstrating a true ROI. To overcome this, ixtel provides a way in which Information Security can be embedded as part of business as normal and be used as a value generating investment. In doing so, business will deliver immediate, short, medium
Need for security across distributed organisation –The ixtel programmeResolving the Information Security Kaleidoscope (RISK) seeks to do this. It takes a consistent and managed roadmap to the existing environment, avoiding the cost inefficiencies that characterisethe management of changing risk landscapes in a more reactive and cost-inefficient way.
Why RISK? A kaleidoscope gives a narrow view of a complex landscape where its component shapes and coloursare constantly changing. To resolve the continuous changes in information security, we need to understand the components and their relevance, and then review them as part of an overall structure. It is only when we understand the structure that we can start to construct suitable defences.
RISK takes a holistic view of Information Security and draws on the centuries old “Concentric Circles” philosophy. This recognisesthe need for communities both internal and external to the organisation to communicate and have access to various bits of Information. Some of this information is community-confidential while other information must be shared. Some sharing of information needs to be done privately while other information can be shared publicly. The source of information may be within the business, shared between businesses or public domain.
Drivers for Resolving the Information Security Kaleidoscope (RISK)
• Regulatory compliance
• Risk of human or system failure
• Brand /Trust
• Loss of revenue or service
• Need for security across organisation
• Convergence increasing vulnerability
• Increasing need for specialist resource
• Control and visibility of key risk
Furthermore, to facilitate trade business transactions have to be handled in a manner that allows their transfer across the public domain but maintains their confidentiality between the trading partners.
RISK is a pragmatic programmethat resolves this complexity and defines a supportable strategy, which can be implemented, tested and audited. It also recognisesthat no two starting points are the same and delivers a progressive transformation path to a fully integrated solution. This then enables the business to function optimally focus on its core activities and accrue the benefits of RISK.
The ixtel RISK Programmeis a structured methodology for ixtel and its customers to work together so that an organisation can quantify the risks it faces and take appropriate steps to mitigate them. RISK is not about saving money. It does though provide tangible and intangible benefits on three main fronts.
Implementation of the RISK Program will lead to an overall reduction in operational risk by the clear identification of requirement and adoption of best practice. This then supports stakeholder obligations and governance.
It will enable the maximisationof benefit from the available budget and quantify the risk of insufficient budget allocation.
It will deliver a range of less tangible benefits that help optimisethe running of the business.
The prime tenets of Information Security are the maintenance of confidentiality, integrity and availability of information. Making information totally secure is not a solution as this prevents its availability. This means that Information Security is a perpetual compromise and must be recognisedas such. Especially as it is the use, communication and means of communication of Information that create the security issues that have to be addressed.