The information security plan describes how security is implemented, along with
the defined policies, controls and solutions. The plan is developed considering
all the IT resources, based on the security levels already achieved and the
aspects still pending. An information security plan should focus on the actions
required to achieve higher levels of security. It is very important to define
the scope of an information security plan. According to logical security
services company experts, the scope helps in defining priorities and actions
depending on the IT resources.

Physical security and logical security are two aspects of an information
security plan, and both are necessary for implementing security in companies.
Below are the details of each aspect.
LOGICAL SECURITY
An important part of an information security
plan is logical security. Logical security solutions with logical security
controls form a path to implement logical security.
LOGICAL SECURITY SOLUTIONS
There are a great number of logical security solutions provided by various
logical security services companies. Enterprise logical security solutions are
required for the prevention and detection of, and recovery from, a security
breach. Logical security solutions and services prevent unauthorized access to
the company's information. According to logical security services company
experts, logical security controls and network perimeter security systems are
integral parts of logical security services. Logical security solutions and
services create logical barriers that protect access to the company's
information.

As per the experience of logical security services company experts,
enterprises traditionally relied on network perimeter security systems to
defend against network threats and on antivirus programs to defend against
content threats. However, these systems do not provide complete protection
against advanced attacks. Logical security services company experts claim that
the defense against sophisticated attacks is beyond the capacity of
conventional logical security solutions, and this has accelerated the need for
logical security services and advanced solutions.
PERIMETER SECURITY SYSTEMS
An important part of the logical security solutions and services for companies
is a perimeter security system. All companies, regardless of their size and the
sector they are engaged in, currently have some form of perimeter security
system for defense against cyber attacks. Network perimeter security systems
are responsible for the security of the company's IT resources against external
threats such as viruses, worms, trojans, denial of service attacks, theft or
destruction of data, and so on.

Formerly, network perimeter security systems incorporated only a firewall, but
the market for perimeter security systems is changing considerably, and today a
network perimeter security system also incorporates IDS (Intrusion Detection
Systems) and IPS (Intrusion Prevention Systems). Perimeter security system
specialists explain that a network perimeter security system should inspect
application protocols and content, and should use advanced techniques to
identify unknown threats. Perimeter security systems provide protection at two
different levels. The first level is the network; the network perimeter
security system provides protection against threats like hackers, intrusions or
theft of information in remote connections. The second level is the content;
the perimeter security system for content provides protection against threats
such as malware, phishing, spam and inappropriate web content for companies.
This clear division, and the way in which threats have evolved in recent years,
have led perimeter security system companies to focus on the development of
dedicated teams for either end.
IDENTIFICATION AND AUTHENTICATION OF USERS
Identification and authentication of users is an important part of logical
security solutions and services for companies. Access controls help in the
identification and authentication of users. The allocation of rights and
privileges in an access control system is controlled through the authorization
process, which determines the profile of each user. Logical access control
solutions guarantee access to authorized users and prevent unauthorized access
to IT resources. According to the experience of logical security controls
experts, during the implementation of access control solutions companies should
consider the following:

• Logical security controls for classification, authorization and
  distribution of information.
• The standards and the company's obligations regarding protection of
  information access.
• Security audit processes to verify access controls.
• Maintaining access records for each service or IT system.
• The procedures for user identification and verification of the access of
  each user.
• Logical security controls should cover all phases of the lifecycle of user
  access, from the initial registration of new users to the cancellation of
  the registration of users who do not require access to IT resources.
• The system and authentication method used by the access control systems for
  information security.
• Considering advanced logical security solutions for access control, such as
  biometrics, smart cards, etc.
• Defining the IT resources which must be protected with the help of access
  control solutions.
• Authorization processes and methodology used by the access control system.

According to logical security control experts, the review process of user
access rights is very important after any change. Companies should implement
network perimeter security solutions in order to prevent unauthorized
modification, destruction and loss of data belonging to the access control
system.
LOGICAL SECURITY CONTROLS
The primary objective of logical security controls is to provide guidance and
help to the management, in accordance with business requirements and security
standards. Logical security controls represent business goals and commitment to
data security and should be communicated to all employees of the company.

Logical security controls define the resources that must be protected and what
the logical security policies are. Logical security controls themselves do not
define how the IT resources are protected. This is defined through logical
security services and logical security solutions. For each control there may be
several logical security solutions. Since logical security controls can affect
all employees, it is important to make sure to have authorization for their
implementation and development. Logical security controls must be approved by
logical security controls experts with experience in implementing logical
security solutions and by the management of the company that has the power to
enforce them. Controls for incident management, data backup and protection of
personal data form an integral part of logical security controls.
PHYSICAL SECURITY SOLUTIONS
Another important part of the information security plan is physical security.
The physical security solutions are designed to achieve efficient management of
security, and these solutions must ensure compliance with the standards, as
well as with those established by the company itself. The physical security
solutions are intended to prevent unauthorized physical access, damage and
interference to the IT infrastructure and the company's confidential
information. Physical security solutions form an integral part of the
information security solutions. IT departments and other departments that
manage data can implement physical security solutions. The security plan
identifies the areas controlled inside the company and the areas that have
specific security requirements; on this basis, limited, restricted and
strategic areas are declared, and the physical security solutions that apply to
each area are described.

Generally, physical security solutions create a physical barrier around the
areas of information processing, but some physical security solutions use
multiple barriers to provide additional protection. Companies must periodically
review the performance of the solutions implemented and determine the actions
required to achieve the business goals. The protection of the IT infrastructure
and business devices forms an integral part of physical security solutions and
is needed to reduce the physical threats of unauthorized access to information
and the risks of theft or damage. These solutions must take into account the
actions needed to fill gaps in security and to correct errors. The physical
security solutions ensure information protection against power failure and
interception of information, as well as protection of cables. According to
experts in physical security solutions, physical threats and damage that may be
caused by fires, floods, earthquakes, explosions, and other natural or man-made
disasters should be considered during the implementation of physical security
solutions in companies.

Implementing an information security plan is an important step in the field of
security, as per experts from an organization specializing in logical security
services for companies. The information security plan should adjust to the
security system in place and manage security. The security plan should be easy
to understand and should ensure compliance. The information security plan
experts should ensure that the security plan is updated based on the changes,
new logical security controls and physical security solutions.