In many organizations there is confusion when assigning or distinguishing the functions expected of a Computer Security area versus an Information Security area. In some, they do not even exist as separate areas, because most organizations already have a technology security infrastructure installed, whether tools, perimeter defenses or any other device.
What is the difference between them?
We can say that Information Security is the set of procedures, supported by technological tools, that provide "security" mechanisms for information that is resident, stored or transmitted.
But what happens to the "Information" which is not transmitted by such means?
What about threats to the business such as terrorist attacks, social engineering, or defamation affecting a brand or people in the organization?
As an example, recall that the value of Apple Computers' shares was affected when the news was disclosed that Steve Jobs (founder) was suffering from pancreatic cancer. It was true, but it caused an immediate devaluation.
To address everything related to the "INFORMATION SECURITY" of the company, not necessarily through technological tools, the company should have Information Security awareness. Additionally, there are other roles that cannot be covered by the IT Department, because its engineers have the highest privilege level on the infrastructure. They could delete logs, remove evidence, escalate permissions, install, uninstall and more.
For this reason, the Technology Department needs someone else to "monitor" and check that the protection mechanisms are complied with, even by the department itself. This is where an information security course plays an important role in training organizations in the IT security areas.
Likewise, the normal operation of the IT department does not include the management and control of information on paper, such as documents and contracts that are in the charge of other areas of the company. This vital business information cannot be left unprotected just because it is not on digital media. With this complex and comprehensive picture, it is clear that there must be a separate area, detached from IT, to monitor the effective implementation of the controls necessary to safeguard the most important asset of the business: INFORMATION.
Finally, the ISO/IEC 27001 standard, in the category of segregation of duties, requires a separate area to monitor and audit all the controls of the Information Security standard. It is clear that, to accomplish this, information security is impaired where it would be both judge and party. International Institute of Cyber Security is a pioneer in providing information security courses to individuals and organizations to help them understand the importance of security in the information age. Posted by Webimprints.