Quality Assurance and Project Management

Mar 20 2017   9:37PM GMT

Information Security Framework – What To Consider?

Jaideep Khanduja Jaideep Khanduja Profile: Jaideep Khanduja

Tags:
Information security
Security Framework

Information security frameworks questions are quite common across the globe. Technology and business keep raising concerns about the information security. The information security framework comes into picture for that purpose. It is entirely dependent on the business framework and security needs. Hence a common framework will never suffice all businesses in general. It has to have precisely as per the needs. For instance, the information security framework in banking would be quite different from any other business as far as transactions and customer information are concerned.

Here is a recent question on ITKE regarding the same. Would you give me guidelines on development steps and initial requirements of information security framework? The answer as per my knowledge goes like this. Information not only talks about digital information but the physical information too. Hence the three spectra that you need to take care of while creating your policies must include – all critical data in devices (databases, emails etc.), all information on paper/files/physical, and all key personnel in the organization having critical business information. Logically, there are two kinds of risks as far as information security is concerned. Firstly, there is an internal security risk that you need to mitigate. Secondly, there is an external set of risks.

Information Security Framework

Information Security Framework

Though the security needs might be same in both the cases on a broader level. But there has to be a different set of processes and procedures to tackle both. It is apparently true that the risks from the people inside are higher than outside. The reason for this is that there is a high level of data and information exposure to employees. Therefore, you have to handle rights and access quite wisely. In fact, there is another prominent concern in this regard. That is about sharing of passwords. There are many cases where a manager shares his or her password with subordinates just to shred off some of the responsibilities. Information Security Framework is definitely a serious concern. Also, there has to be a constant review policy for the same.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: