Businesses today run on information. The proper use, availability, and protection of information are essential to the business’s ability to operate uninterrupted. As the value and velocity of information in business has increased, so too has the complexity of managing and controlling it. This is particularly the case as government, banks and other finance organizations extend themselves to the web to drive new opportunities and reduce cost. The availability, integrity or breach of confidentiality of information is no longer a matter of disruption and inconvenience; suddenly a compromise can have destructive consequences on a serious scale.
With ever-mounting pressures for better governance, through the adoption of associated best practices, as well as the growing emphasis on standards conformity coupled with the implicit requirements of legislation, the need to address Information Security has never been higher. That said; a correctly structured Information Security environment brings many costs, risk, and convenience benefits to an organization, which by its implementation can also address the governance, legislative and standards obligations.
Investment in Information Security is frequently hindered by the openly acknowledged difficulty in demonstrating a true ROI. To overcome this, ixtel provides a way in which Information Security can be embedded as part of business as normal and be used as a value-generating investment. In doing so, the business will deliver immediate, short, medium- and long-term benefits.
| Organization | Technology |
|---|---|
| Managing risk | Ongoing diligence |
| Increasing Complexity | Budget pressures |
| Lack of in-house expertise | Legacy applications |
| Supplier longevity | Managing evolution of technology |
The ixtel program Resolving the Information Security Kaleidoscope (RISK) seeks to do this. It takes a consistent and managed roadmap to the existing environment, avoiding the cost inefficiencies that characterize the management of changing risk landscapes in a more reactive and cost-inefficient way.
Why RISK? A kaleidoscope gives a narrow view of a complex landscape where its component shapes and colors are constantly changing. To resolve the continuous changes in information security, we need to understand the components and their relevance, and then review them as part of an overall structure. It is only when we understand the structure that we can start to construct suitable defenses.
RISK takes a holistic view of Information Security and draws on the centuries-old “Concentric Circles” philosophy. This recognizes the need for communities both internal and external to the organization to communicate and have access to various bits of Information. Some of this information is community-confidential while other information must be shared. Some sharing of information needs to be done privately while other information can be shared publicly. The source of information may be within the business, shared between businesses or public domain.
| Drivers |
|---|
| Regulatory compliance |
| Risk of human or system failure |
| Brand / Trust |
| Loss of revenue or service |
| Need for Security across the organisation |
| Convergence increasing vulnerability |
| increasing need for specialist resource |
| Control and visibility of key risk |
Furthermore, to facilitate trade business transactions have to be handled in a manner that allows their transfer across the public domain but maintains their confidentiality between the trading partners.
RISK is a pragmatic program that resolves this complexity and defines a supportable strategy, which can be implemented, tested and audited. It also recognizes that no two starting points are the same and delivers a progressive transformation path to a fully integrated solution. This then enables the business to function optimally focus on its core activities and accrue the benefits of RISK.
The ixtel RISK Programme is a structured methodology for ixtel and its customers to work together so that an organization can quantify the risks it faces and take appropriate steps to mitigate them. RISK is not about saving money. It does though provide tangible and intangible benefits on three main fronts.
- Implementation of the RISK program will lead to an overall reduction in operational risk by the clear identification of requirements and adoption of best practices. This then supports stakeholder obligations and governance
- It will enable the maximization of benefit from the available budget and quantify the risk of insufficient budget allocation.
- It will deliver a range of less tangible benefits that help optimize the running of the business.
The prime tenets of Information Security are the maintenance of confidentiality, integrity and availability of information. Making information totally secure is not a solution as this prevents its availability. This means that Information Security is a perpetual compromise and must be recognised as such. Especially as it is the use, communication and means of communication of Information that create the security issues that have to be addressed.