Integrating People, Process and Technology
The state of information security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that covers nearly all aspects of an organization and involves resources with different skills and levels of expertise. It is neither a fixed-cost nor a fixed-duration project but rather an ongoing business program (the Business Information Security Program) with strategy, plans, objectives and stakeholders.
To accomplish such a program, organizations must design, implement, enforce and monitor a horizontal organizational workflow comprising vertical and horizontal security processes that are activated, sustained, or interrupted based on information provided by people, (other) processes and technology (systems).
Reality, however, is quite different. In most commercial environments, information security is typically assembled from disparate vendors and products. Interoperability on this basis is virtually infeasible, as vendors use their own closed proprietary interfaces, semantics and workflows, limiting the potential for horizontal unified process management and centralized control. The obvious implications are high operating expenditures, ineffective resource allocation, increased compliance risks and vulnerable security architectures.
Technology by itself is not the solution, as we cannot rely entirely on security products to identify and prevent threats without accounting for complexity and human-factor risks. Technology will never be sufficient to prevent security incidents from happening, since it is a mathematical certainty that systems will fail at least once within their lifetime.
CEO George Patsis is a highly accomplished expert in information security with a proven track record in developing and implementing large-scale security programs for major Global 500 corporations.