IT Security Architecture
An Information Security Architecture is based on the Corporate Information Security (or Protection) Policy. Corporate Security is often the responsibility of Human Resources, while Corporate IT Security is the responsibility of Information Technology. The protection of information in all of its forms is a joint responsibility, and the Policy must be developed jointly and adopted at the highest level of the company. If the CEO doesn't endorse and promote the Policy, then anything else is a waste of time!
Underneath the Corporate Information Security Policy, the Information Security Architecture has three legs:
Process
Technology
Metrics
All three legs are equally important and dependent upon each other. I have been told "Don't tell us what we should do, tell us what we should buy!" Well, it doesn't work like that. While some products (such as anti-virus software) have a tremendous effect on reducing risk, they alone cannot create a climate of security in which information can be protected successfully.


© Jana Information Systems Services Limited, 2006