Without doubt, information is the most valuable asset for any organization. Information is collected, stored, utilized, exchanged and shared and therefore, exposed to loss, risk and abuse. A proper understanding of information security and its application is crucial for organizations to transact any kind of business today. Having the right controls in place to manage and mitigate risk is an essential requirement for all corporate entities.
In today's global computing environment, enormous amount of data transactions take place over the Internet. Soon physical attacks will become history as most attacks will occur online and will have the potential to cause much greater damage to society.
Network vulnerabilities are growing at an alarming rate and when the whole world is online, network protection is a must to ensure cyber security in key areas like defense, banking and finance, government and corporate sector.
Most organizations use a firewall to provide adequate security to the organization's network. However, any network can be compromised by a hack attack which can originate from outside or from within. Despite the best technology available, people are still the weakest link in the security chain.
Unauthorized access to data might force organizations to deal with digital abuse, loss of intellectual capital, loss or misuse of customer data leading to litigations, loss of reputation and risk of compromising business continuity.
Senior management executives need to be aware of the danger, which their companies face due to increasing dependence on the Internet. A majority of cyber crime cases involve disgruntled employees.
Important questions we need to ask ourselves
- How secure is our information systems infrastructure to prevent external and/or internal attacks?
- Is information security policy defined for our organization?
- How does our organization monitor and implement information security?
- Is the existing security infrastructure actually securing what it is supposed to secure?
- Are business processes clearly defined?
- Do we have internal controls in place?
- Do we assess and review these controls regularly?
- Are all employees aware of basic information security guidelines?
- Is information security awareness training conducted on a regular basis for employees?
- Do we have a business continuity plan in place?
- Do we have the business resilience to recover from a disaster?
- How do we assess and manage risk?