Tuesday, February 20, 2007

Security - not just a one-time event

Managed Security. Many organizations take a "Project" vs. an "Investment" approach to securing their information assets. With "Project" security, an organization waits until a security breach occurs and then the organization takes appropriate action. For example, an organization gets hit with a virus. It then authorizes the acquistion of anti-virus software. The Project approach to security is typically ad-hoc with many as yet undiscovered vulnerabilities.

An alternative approach to security involves the "Investment" approach to security. By investing in security, the organization recognizes that securing the network infrastructure is critical to the success of the organization. The "Investment" approach typically uses a managed approach to security.

A managed approach to security can better balance functionality with security and typically involves the following five phases:


  • Security strategy


  • Security alignment


  • Security design and implementation


  • Security monitoring


  • Security audit


For more information on these five phases, please visit Security Overview.

Labels: ,