Organizations Need To Mandate Investments To Upgrade Their Security By Mehdihasan Naqvi, Head IT, Otis India

Organizations Need To Mandate Investments To Upgrade Their Security

Mehdihasan Naqvi, Head IT, Otis India | Wednesday, 18 September 2019, 09:50 IST

  •  No Image

Mehdihasan Naqvi, Head IT, Otis IndiaCompanies need to have a broader view of security to create a management framework that can sustain security for their organization. Enterprise security is the way to integrate guidelines, policies and proactive measures for various threats and vulnerabilities.

Enterprise Security points to all risks that affect the core business of an organization. It includes the process of unwanted and illegal software, deliberate mistakes committed by employees, internal security threats, and external security threats.

The Enterprise Security Framework Architecture comprises following factors:

1. Organization compliance: The number of regulatory requirements may affect the internal customer, an external customer, the end product or service delivery. The enterprise framework aims to resolve any conflicting business objectives, as well as meet the regulatory and internal compliance requirements.

2. Identification of Data: The key challenge for an enterprise is to gain clarity around resolving conflicts pertaining to data privacy requirements, vulnerability and organizational objectives. The enterprise security approach helps enterprises gain transparency around, both at the infrastructure and data security level.

“Enterprise Security is an ongoing process and is needed to keep every aspect of the organization secure. Organizations cannot afford to take any shortcuts”

3. Security Transformation: Enterprise Security adopts the approach of “designing a security framework at all levels” of an organization. It addresses security capabilities from the governance level all the way through to designing, and involves planning to build, monitor and deliver security throughout all organizational unit, processes and business functions.

Implementing Enterprise Security Framework

All business representatives will consult the Chief Security Officer or Chief Information Officer to deploy and manage the enterprise security as well as they setup the approach to be followed by the organization to reduce risk .

A strategic approach towards enterprise security involves the following steps that should be undertaken:

• Patch and Antivirus management: Software vulnerabilities are one of the leading issues in the enterprise environment. Patches are additional code to replace flaws in software.

• Physical Security: Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit the data.

• Logical Security: consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation.

• Threat and Risk Investigation: Threat is the birth of all Incidents. They include targeted attacks by malicious insiders and external customers, service and system disturbance, human error and natural disasters. It is not possible to prevent all incidents; enterprises can decrease the likelihood and impact of risk by investigating the current and future threats. Risk can be accepted, mitigated, transferred or avoided. Organizations need to have a defined and well-exercised incident management process.

• Change Management: Procedure and process need to be developed to ensure that the methodology for changes and modification to the existing system guides all the IT personnel and functional users in the successful initiation and completion of the project.

• Incident Response: A data breach team needs to be formed so that when any data incident arises it can be reported and evaluated.

• Media Sanitization/Destruction: Sanitization is to permanently erase data from your hard drive, especially when the information stored is confidential. However, erasing data does not mean you have to delete data permanently and you cannot recover your data.

Value of Enterprise security strategy                          

1. Competitive Edge over the Competitor

An enterprise security strategy can be a competitive edge when customers select products, services, and business partners.

2. Eliminate unnecessary costs and losses

An enterprise security strategy protects critical data and assets from theft and compromise and eliminates costs of recovery and losses.

3. Reduce negative impact

An Enterprise security strategy can reduce the impact and costs from an eventual attack and potential data compromise.

Conclusion

Organizations need to mandate investments to upgrade their security to achieve a compliance level of protection. Organizations can no longer rely on keeping IT security lean in an attempt to cut operational costs.

Enterprise Security is an ongoing process and is needed to keep every aspect of the organization secure. Organizations cannot afford to take any shortcuts. The above-mentioned information can be used by enterprises to make sure their organizations are constantly and quickly adapting to the latest threats.

On The Deck

CIO Viewpoint

Humanity In A Digital World

By Sumi Ghosh, CEO at Tata Starbucks Pvt. Ltd

Organizations Need To Mandate Investments To...

By Mehdihasan Naqvi, Head IT, Otis India

Urgency Of Securing The Cyberspace

By Sanjeev Jain, CIO at Integreon

CXO Insights

Cloud Computing Trends And Strategies For 2019

By Manu Sharma, Director Information Technology & Corporate Security, OnMobile GLobal Limited

Top Cloud Computing Growth Drivers

By Vishal Vasu, Director & CTO, Dev Information Technology Ltd

Financial Services - Adopt Cloud For Speed And...

By Suvrata Acharya, Global Delivery Head & SVP, NIIT Technologies

Facebook