“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” – Stephen Hawking
With the changing business dynamics and the alignment of the business goals with the information technology to have a single integrated holistic governance and management structure, it is vital to have controls to safeguard IT related systems. Information technology has proved to be a goal enabler for businesses.Enterprise boards, executives and management have to embrace IT like any other significant part of the business. External, internalrequirements related to enterprise use of information and technology is significantly increasing and if breached, proves to be fatal.
Information has become a key asset for any organization. Information technology plays a vital role in the information management cycle. Safeguarding information technology related systems from internal and external threats should be in line for any business strategy in order to have continuity of services and stakeholder satisfaction. Infrastructure and costs can be retrieved but lost reputation due to security failures and breaches of confidentiality, integrity and availability prove to be threatening for any enterprise striving for long term business relationships and industry reputation. As proposed, a layered architecture to information technology security with control checks on internal and external threats mitigates the risk of security breaches.
Information technology assests pertaining to the enterprise need to be identified and controls to safeguard them must be cost efficient .Safety and precaution complement each other, in order to attain safety, precautionarymeasures are adhered to with the identification of the system and its transactions. Information technology security scope has been diversified extensively .Human intervention isthe foremost security vulnerability within an enterprise. Employees turnout to be the biggest threat to any IT related system, though the intervention may or may not be a conscious one, it still directs the system to a fatal security threat .With the people, process and technology sitting at heartof any layered architecture security model it’s obvious and threatening that the biggest vulnerability, “people”, rest backs safely unguarded at the core. Social engineering, downloading malicious content, data misuse and the lack of information put the system to a scenario of unknown exposed risk of impounding security threats. The employees are not even aware about the security policies and instill the critical information systems to a threat level which is maximum and fatal in nature. Much has to be done to establish cost effective controls to minimize and monitor this internal threat .Information Technology is vital for any business goal attainment along with realization of customer satisfaction delivery and if left unguarded-its threatening to the value both in monetary and reputational foregrounds.
Ashutosh Joshi
MBA-IT
IIIT Allahabad