when we supplement People, Process and Technology together. Enterprise Security includes the strategies, techniques, and process to Secure digital assets, Data and confidentiality.
integrity is also a major Risk Factor for enterprise Security. The combination of Threat and Vulnerability is known obsolete Risk.
ES comprises the strategies and techniques that companies undertake to reduce the risk of unauthorized access to data, IT systems, and information. The activities in enterprise security include the institutionalization, advancements, change and evaluation of a firm’s enterprise risk management (ERM) and security methods. To reduce and eliminate the risk of unauthorized access to information technology systems and data, you need to have a comprehensive strategy that secures all entry and end points.
Mobile security has always been an issue with enterprise security and will remain so in 2020 as well. Especially when everybody working from home and using untrusted Connectivity in pandemic situation. Too many employees have a careless attitude towards workplace security, which makes the job of an attacker easy. The threat is likely to come from the network (compromising a single Wi-Fi connection) or phishing.
It is not difficult for criminals to gain access to both corporate data as well as personal data from an easy-to-breach mobile device. Mobile device management tools and remote wiping, basic security precautions, are put in place only by 50%.
Enterprise Security architecture is key factor in the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel so that they align with the organization’s core goals and strategic direction. Although often associated strictly with enterprise Security, it relates more broadly to the security practice of business optimization in that it addresses business security architecture, performance management, and security process architecture as well.
Securing the enterprise is no easy task. When we talk about Enterprise Security, everybody thinking about, how to enhance Cybersecurity measures for enterprise? and How to keep attackers out?
 Key Points to be remember-
- Security Concept, Solution and Strategy alignment with your Business.
- Manage and Review your Security Parameters and Policies against Growing Threats.
- Prioritize and Modernize your security Solutions.
- Security Solutions should be aligned to Protect Users Data and digital assets.
- strong network required with industries cyber Security Leaders and knowledge Sharing.
- Believe in zero trust policy.
IT security deals primarily with the confidentiality, integrity, and availability of information and provides mechanisms to protect these aspects. When information is compromised, the result is a change in state of one of these aspects.
- Confidentiality: ensures that privileged or sensitive information is accessible only to those individuals with a valid requirement to view and access the information. It is particularly important when concerning personal information, intellectual property, and classified or sensitive information in a government context.
- Integrity: refers to a lack of corruption in data or overall consistency. When integrity of information is compromised, it creates a lack of trust wherein data may have been manipulated, changed, or deleted.
- Availability: relates to having access to authorized information when it is required. Should information be affected so it cannot be accessed when needed and authorized, then availability has been compromised.  Â
Security architecture to Establishing the Business Context and should consider the following key questions: APPPTT
- Assets -what are you trying to protect at each layer?
- Purpose- why are you protecting these assets?
- Process- How will you achieve your objective?
- People- who is involved in applying security?
- Target-where are you applying security?
- Time- when are you applying security?
Hide and Seek pattern-
- It’s hard to predict risks and attacks.
- When they get in. it’s hard to find them.
- When we find them, it’s hard to get out.
What can we do? –
- Understand the threat or attack.
- Do research and discus with Security Leaders.
- Find out root and be Agile.
- be Resilient and adopt approaches for continued operations during cyber-attacks.
- Prepare incident Report for future references.
every employee is virtually part of the security equation and having a security culture that includes education, collaboration between IT operations and security teams, and security tools is essential.
Lack of security awareness still plagues the organization, as employees and IT staff often make mistakes that leave the company vulnerable. Those include: weak passwords, bad email practices, out-of-date policies and tools, no monitoring, and no knowledge of where data resides. Still organizations want to live in their comfort zone and not following best practices and result is they are facing cyber-attacks.
Organizations need to defence in depth. Use the lifecycle of InfoSec tools of firewall, filtering, DLP, IOT security, encryption, IDS/IPS, DNS security, pen tests, container security, WAF, DDoS mitigation, cloud security, and last but not least, don’t forget physical security.
Â
very well documented Yogendra
In this whole game, management buy-in and understanding security concerns are also very important. Of course, this is increasing but there would be CIO friends who may have difficulties in dealing with such a situation.
The other point is there are a plethora of solutions available, one needs to be selective, relevant for his/her business rather than doing something under peer pressure or as a fashion statement
Agreed