Is your Company's information protected?

This note marks the beginning of the week and the new sponsor of my Notes on Security, BiAHEAD, to whom I address my thanks.

As we know, security requires the adoption of management models. Technology, processes, and people are the vectors that these models must address in a systematic way, particularly in the context of Information Security.

One of the main challenges when assessing the overall state of an organization's security is what we call the false perception of security. Why? Because it is very common to think we're secure when we have filtering systems (firewalls) and antivirus systems, and when we update the software we use on a regular basis.

However, although technology may be implemented and the processes defined, the fact is that many of today's security incidents occur through people. These incidents may have many sources, e.g. attacks carried out by social engineering, confidential documents forgotten in printer trays, post-it notes with passwords stuck to monitors, or even malicious sites on the Internet. In these scenarios the chain of trust and the security models we use today may be insufficient.

We all know that technology plays a fundamental role in the protection of information assets, and that processes and security management must be in place, aligned with organizational requirements. We believe, however, that people are what makes the difference. By acting at this level, with awareness raising, training, and control activities, we can improve security and evaluate the organization's overall security in a systematic and effective way.

BiAHEAD is a consulting firm focused on Information Security. Its consultants have extensive experience in multiple security areas and can help organizations evaluate and implement the most appropriate security management models, given the risks of the most pressing attack vectors.

The address?