The computers brought in the revolution of computing
and the Internet technologies exploited the computer networks to
enable people share information sitting on their computers. While it
has become extremely easy to share information using these
technologies, it has become more important to monitor the flow of
Hence the need has arisen for Information Technology
Security and the IT security standards.
Every company that has their Information technology in place,
must have their own IT security policy. Common standards will help
ensure that all departments/companies have an effective and secure
environment for IT processing.
The protection of computer systems and related data in
any organization requires an approach that results in implementation
of a balanced, cost-effective application of security disciplines
and techniques required by the IT security standards.
IT Security standards shall define the processes, procedures, and
practices necessary for implementing a department/agency-specific IT
security program. These standards apply to all IT activities,
whether they are operated by or for an agency. They include specific
steps that shall be taken to ensure that a secure IT environment is
maintained. All agency systems must take care of privacy and
security of confidential information.
Every organization will have a shared trusted network
environment for interaction between departments as well as with the
clients. This shared network has to be protected from all kind of
This trusted environment shall be protected by these IT
security standards based on a set of key principles as below:
of security with a customer-centric focus.
risk assessment that results in an adequate level of security.
levels that commensurate with the shared risk to the
programs that support industry standards
approach to access control.
levels of security and integrity for data exchange and business
authentication processes, security architecture(s), and trust
testing, and audit provisions.