
Information security

ISO/IEC 27000:2009 provides the overview and vocabulary for the information security management system standard, ISO/IEC 27001:2005. It defines information security as the preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved.

For information security activities to be successful, one has to think about the elements mentioned above. Consider top secret information, which the stakeholders cannot allow to be processed through systems and internetworks without good mechanisms in place. Doing otherwise would only put the information in peril. It may also be that information can never be trusted completely.

Assume that all factors and resources are in their proper places. Let us look at the two important mechanisms that may satisfy the security elements mentioned above:

Cryptography and digital certificates provide information with confidentiality, integrity, authenticity and non-repudiation.

Network structure, private circuits and firewalls make information available and reliable.

The overall effort, if any of its components is not carried out judiciously and diligently, may never be effective enough to secure information so that key stakeholders can believe that the information is authentic and was not altered while in transit or in storage.
