IT Infrastructure Security - Under the Magnifying Glass...

What are the risks?

• The disgruntled insider who has an attitude and wants to cause some damage. Since they are familiar with and usually have access to systems and hardware, the potential for damage can be huge.
• Corporate espionage. There is a legitimate practice called "Competitive Intelligence", but there are also illegal measures taken and funded by competitors.
• Threats of infection caused by hackers and/or cyber-terrorists.

What are the potential consequences?

• Loss of information assets: intellectual property and trade secrets.
• Loss of system availability as a result of being "hacked" or infected with a virus.
• Loss of corporate reputation.
• Embarrassment due to being hacked.
• Loss of long-term business future due to inadequate business continuity planning to address a catastrophic event.

How is it usually managed?

Because of the constant barrage of new technology, information security is usually an add-on and not baked into the overall Information Technology (IT) design / infrastructure. It is usually addressed in a piecemeal fashion - one problem at a time: "We have a problem, so we buy a solution to specifically fix that problem." With this approach you usually end up with robust security in some areas and weak or no security in others, which leaves you vulnerable.

How should it be managed?

An effectively secured IT Infrastructure must be based upon the same prudent business practices that applied to earlier manual systems: careful definition of individual responsibilities, separation of controls, maintenance of audit trails, protection of vital records, and access to information limited on a "need-to-know" basis. Successful implementation requires a top-down approach:

• Executive leader championship
• Comprehensive Policy
• Sound business practices with comprehensive controls
• Ongoing program to heighten and maintain employee security awareness
• Periodic reviews or internal audits to provide assurance

Responsibility for IT Security rests with all employees on an ongoing basis.