IT System Security Solutions Management
Security Challenges :- IT systems are prone to
failure and security violations due to errors and vulnerabilities. These errors
and vulnerabilities can be caused by many factors, such as rapidly changing
technology, human error, poor requirement specifications, poor development
processes or underestimating the threat. In addition, system modifications, new
flaws and new attacks are frequently introduced, which contributes to increased
vulnerabilities, failures and security violations throughout the IT system life
cycle.
The industry came to the realization that it is almost impossible
to guarantee an error-free, risk-free and secure IT system due to the
imperfection of the opposing security mechanisms, human error or oversight, and
component or equipment failure.
Completely secure IT systems do not exist; only those in which the
owners may have varying degrees of confidence that security needs of a system
are satisfied.
In addition, many information systems have not been designed to be
secure. The security that can be achieved through technical means is limited and
should be supported by appropriate configuration, process/ procedure and
management.
Security Assessment and Management :- Security
assurance requirements are determined by “analyzing the security requirements of
the IT system, influencers, policies, business drivers and the IT system’s
target environment. Influencers are any considerations that need to be addressed
as they may affect the IT system assurance requirements. The influence can have
any origin and may include such intangibles as politics, culture, local laws and
mandated requirements".
Security is concerned with the protection of assets. “Assets” are
entities upon which someone places value. Many assets are in the form of
information that is stored, processed and transmitted by IT products to meet
requirements laid down by owners of the information. Safeguarding assets of
interest is the responsibility of the owners who place value on those assets. A
risk assessment is performed to provide an in-depth look at asset sensitivity,
vulnerabilities and threats to determine the residual risk and recommendations
for existing and proposed safeguards. The recommendations implemented are
factored into the original security requirements to revise the security
assurance requirements.
The task of IT security (ITS), Solutions and management is to
manage the security risk by mitigating the vulnerabilities and threats with
technological and organizational security measures to achieve an IT system with
acceptable assurance. ITS management has an additional task: establishing
acceptable assurance and risk objectives. In this way, the stakeholders of an IT
system will achieve reasonable confidence that the IT system performs in the way
intended or claimed, with acceptable risk and within budget.
It is also important to note that “assurance requirements are
unique to each environment due to the varied business and security requirements.
The same IT system may not be suitable to other environments without
modifications in line with its requirement.
To achieve comprehensive assurance, the IT system must be assessed
to ensure the correct design, implementation, operation and the deliverable must
provide the appropriate security functionality to counter the identified threats
and weakness. So YCus will provide the complete solution to
function in secured environment
