IT documents comes with different names such as the following: - Manual or handbook, - Policies and procedures, - Management systems, - Project plans. In the real world we have various names with unique descriptions and purposes when in fact they could be made to do a uniform direction for which actions are based for the entire IT initiatives, probably the longest in IT lifecycle is operation. The problem is our inclination on something else which is wrong. IT remains an IT area. Business remains a business area. The same problem is carried out when we conduct IT audit. Most audit are missing the gists in which IT is being used by businesses. We once said that an effective IT audit is conducted by IT people themselves but there is something wrong with that even. Business and accounting people have been doing it with a different bias and preconceived notions which doesn't make the cut for IT direction and audit respectively. Leaders play the same game and so the problem continues an
Security, as they may say especially from specialists, without doubt has great impact to stakeholders and organizations that wants all its assets, except those of meant to be public, be protected at all times or when it is warranted.
In the case of a critical information infrastructure, there might be a one-sided answer that IT specialists would at first hand consider before dealing on any other security solutions. Look at how internetworks is link on one end to the other. There are many different ways a multiple network sites could be interconnected, most popularly through the Internet, however the choice still depends on the kind of data that flows through it. Say at Qwerty Auto Elec Company (QAEC in short, fictitious organization name only), the riches and biggest, wanted all of its domestic and international offices linked altogether and must be secured without regard to drawbacks. It does not want its information leaked, no unauthorized access and ingress attacks (e.g. DOS) on the physical and logical layer of the network, et al. Considering no internal misconduct or conspiracy will happen QAEC wanted to achieve a 99.999 if not 100 percent network stability, at least, for a certain time period.
The combination of firewall, VPN and cryptography, to support the security of a large and geographically diverse computing processes, are worthy of the requirements, still, they may only be second to how the network infrastructure is designed and erected. With the initial specification QAEC has laid out, it may need a confined circuit and shall not be interfaced to and from the public Internet. It would require the telco to install it just like how a local area network is rendered or even better, if any.
It might be too costly (at the start) for QAEC to pursue on this direction but the integrity, confidentiality, availability and genuinness of the information is more important over anything else with respect to the interest (where the whole world watch and can be one) of the stakeholders.
The said criteria might also be true to other settings where stability during the event and unploughed information system is expected.
In the case of a critical information infrastructure, there might be a one-sided answer that IT specialists would at first hand consider before dealing on any other security solutions. Look at how internetworks is link on one end to the other. There are many different ways a multiple network sites could be interconnected, most popularly through the Internet, however the choice still depends on the kind of data that flows through it. Say at Qwerty Auto Elec Company (QAEC in short, fictitious organization name only), the riches and biggest, wanted all of its domestic and international offices linked altogether and must be secured without regard to drawbacks. It does not want its information leaked, no unauthorized access and ingress attacks (e.g. DOS) on the physical and logical layer of the network, et al. Considering no internal misconduct or conspiracy will happen QAEC wanted to achieve a 99.999 if not 100 percent network stability, at least, for a certain time period.
The combination of firewall, VPN and cryptography, to support the security of a large and geographically diverse computing processes, are worthy of the requirements, still, they may only be second to how the network infrastructure is designed and erected. With the initial specification QAEC has laid out, it may need a confined circuit and shall not be interfaced to and from the public Internet. It would require the telco to install it just like how a local area network is rendered or even better, if any.
It might be too costly (at the start) for QAEC to pursue on this direction but the integrity, confidentiality, availability and genuinness of the information is more important over anything else with respect to the interest (where the whole world watch and can be one) of the stakeholders.
The said criteria might also be true to other settings where stability during the event and unploughed information system is expected.
Comments