TechHQ.Com

BPO.Info

 

 IT Security

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 

ITBPO.com

The Information Technology  Network 

IT Trends - Jobs - Training - Contracts - Books

 

Information Technology Security

Introduction

   The computers brought in the revolution of computing and the Internet technologies exploited the computer networks to enable people share information sitting on their computers. While it has become extremely easy to share information using these technologies, it has become more important to monitor the flow of information.

   Hence the need has arisen for Information Technology Security and the IT security standards.  Every company that has their Information technology in place, must have their own IT security policy. Common standards will help ensure that all departments/companies have an effective and secure environment for IT processing.

   The protection of computer systems and related data in any organization requires an approach that results in implementation of a balanced, cost-effective application of security disciplines and techniques required by the IT security standards.

  IT Security standards shall define the processes, procedures, and practices necessary for implementing a department/agency-specific IT security program. These standards apply to all IT activities, whether they are operated by or for an agency. They include specific steps that shall be taken to ensure that a secure IT environment is maintained. All agency systems must take care of privacy and security of confidential information.

 Every organization will have a shared trusted network environment for interaction between departments as well as with the clients. This shared network has to be protected from all kind of misuse.

 This trusted environment shall be protected by these IT security standards based on a set of key principles as below:

 

  • Implementation of security with a customer-centric focus.

  • Right risk assessment that results in an adequate level of security.

  • Security levels that commensurate with the shared risk to the Organization.

  • Security programs that support industry standards

  • Least-privilege approach to access control.

  • Appropriate levels of security and integrity for data exchange and business transactions;

  • Effective authentication processes, security architecture(s), and trust fabric(s); and

  • Compliance, testing, and audit provisions.