Andrew Rimmer of Secure Assure has produced a short article about the stuffier side of Information Security that outlines the benefits of a well-governed security practice.
When most people think of security, they picture a few geeky hackers and tech heads who spend their time in their bedrooms or computer halls.
While this is a valid and real image of security “specialists”, the real power in the security world is driven by the practitioners of “pin-stripe” security.
Pin Stripe security is practised by women in suits for other women in suits who control the way in which business is run.
It is about providing security governance across all areas of IT systems and how they are deployed.
It covers the security requirements for business continuity – having procedures in place to make sure that our BC / DR sites are as secure as our main sites, and that we have systems and services that are available and consistent.
It covers the governance of personnel, from the moment we specify the security attributes of a role to the moment when we remind departing staff of their ongoing requirements to protect our business secrets from unauthorised disclosure or corruption.
It covers the procedures and documentation for IT services that enable consistency and repeatability, reducing the risk of human error (deliberate or accidental) that can and does cause our assets to be compromised from a confidentiality, integrity or availability perspective (i.e. it provides a process to make sure the “geeky” stuff is managed correctly).
It covers the risk assessments that enable businesses to clearly identify risks to their systems, the threat sources and the effects of compromises of the systems. These assessments help to make financial decisions about whether to monitor, fix or insure these risks.
Pin Stripe security ultimately builds a series of secure rings around your valuable business assets, reducing the risk of compromise and the penalties or adverse press releases that inevitably surround a data loss or system crash.
For example, it can help ensure that mobile phone suppliers do not ship handsets with default passwords, that their call centres have rigid procedures in place to prevent unauthorised password (PIN) resets, or that an alert is sent to customers if voicemail accounts are being hacked.
Compliance with the recognised security standards that underpin Pin Stripe Security is now becoming a necessity to win major contracts within financial and government arenas. There is even a set of ISO standards (Secure Assure hold the highest certification in the ISO27001 standard) to make sure that security can be benchmarked and applied in a consistent and meaningful manner.