Tuesday, July 26, 2011

Enterprise security architecture

Layered approach: provide layers of defense that an attacker has to break through before reaching an asset.

Industries follow this approach and then assume their systems are secure, but they forget that remote access and wireless networks often do not have enough layers in place. Security requirements can be identified as functional requirements and assurance requirements. Organizations choose to be certified against the BS7799 standard to give their customer base and partners confidence; that is why industries make the effort to comply with these standards.

Sometimes the numbering of IT security standards is confusing. The BS7799 security standard has two parts. After ISO took BS7799 under its wing, it introduced its own numbering:

BS7799 part 1 - ISO17799: outlines control objectives and a range of controls that can be used to meet those objectives.
BS7799 part 2 - ISO27001: outlines how a security program can be set up and maintained.

COBIT (Control Objectives for Information and related Technology) defines a method for building the IT infrastructure. It is not just about security: COBIT is a whole framework for how to set up IT infrastructure. COBIT has four domains:
  1. Planning and organization
  2. Acquisition and implementation
  3. Delivery and support
  4. Monitoring
In security we look mainly at the delivery and support domain. COBIT is great, but it is really time consuming to implement. For security professionals, there are specific things to learn from COBIT:
  • Management of IT security
  • IT security plan
  • Identity management
  • User account management
  • Security testing, surveillance and monitoring
The whole point of COBIT is to keep IT aligned with the business. It has performance indicators and defines goals. COBIT is a very high-level approach to information security, and that is how auditors look at it: they look at the control objective and check whether the control is in place.

Security governance means that security is controlled not just by IT but by board members and senior management. Everybody who is supposed to be involved should be involved in security. Security policy, standards, baselines, guidelines and procedures have to act together to realize strong security.

The data owner is the person responsible for protecting the data. The custodian, usually the IT department, does the actual security setup to make sure it meets that protection level.
