Security
There's good and bad news on the IT security policy front. The good news is that 71 percent of organizations have a security policy. Enterprises are actively involved in framing the security policy: the CEO and functional heads participate actively in 49 percent of the organizations surveyed.
Even if the investment in other security solutions is not very forthcoming, the awareness is certainly there. Data security (91 percent) is the prime area covered by the security policy. Unauthorized employee access and perimeter security follow with 81 percent and 53 percent respectively. Regulatory mandates for compliance notwithstanding, these figures, along with active management participation, are good signs.
Next comes the frequency of security policy reviews. This is crucial for keeping a policy effective. It is good to see that 32 percent of the organizations review their security policy once every three months and 22 percent review it once every six months. 22 percent review the policy once a year, and the rest have no fixed frequency.
The bad news is that almost two-thirds (63 percent) of organizations do not conduct any kind of security audits. This is an irresponsible approach that can render the entire security infrastructure ineffective. BS7799 (14 percent), ISO 17799 (8 percent) and COBIT (2 percent) are the most widely used security audit standards in India.
Another issue, in connection with conducting security audits, is the lack of outside involvement in the form of external consultants. Almost two-thirds (62 percent) conduct security audits in-house. Only 38 percent engage the services of an external consultant for this purpose.
This is not a desirable approach, since an internal audit might be biased. Also, an external consultant will have a higher level of expertise for detecting vulnerabilities by using ethical hacking methods. This can be attributed to the fact that, as consultants, they have experience across different types of infrastructure, something the internal auditors lack. It is in this context that we suggest a combination of the in-house IT team and external consultants for security audits. In fact, many of the best security infrastructures in India use separate audits done by the internal team as well as by external consultants. This results in a better quality of audit.