The security of business IT systems has never been more important. Organizations are increasingly reliant on IT infrastructure such as websites and computer systems to support their activities, which leaves them vulnerable to threats from hackers, viruses and disgruntled staff.
At the same time, information technology continues to evolve at an incredible rate, bringing with it new security threats, and quality professionals now face the difficult task of protecting their organization's IT systems.
Security Threats
According to antivirus software developer McAfee, cybercrime is a growing problem all over the world. The President of McAfee, Dave DeWalt, says: "A lot has been done to combat cybercrime over the past decade, but criminals still have the upper hand. The chances of getting caught knocking off a convenience store are several times larger than robbing an online bank."
His argument was given more weight in December 2010, when MasterCard and Visa had their websites shut down by hackers after the companies announced they would no longer process donation payments to controversial website WikiLeaks.
Smaller organizations should also be concerned about cybercrime. According to research by the Information Systems Audit and Control Association, small- and medium-sized businesses need to do more to protect themselves from cyber attacks. Notably, its research has found that the number of employees willing to take risky actions online, such as providing a work email address when shopping over the internet or following an unknown link, has risen over the past 12 months.
While not all IT security threats have as high a profile as hackers, they can be just as critical. In the last few years, cloud computing, whereby shared servers provide resources, software and data to computers, has become one of the fastest growing segments of the IT industry. Recession-hit companies are increasingly putting their faith and their data in the cloud, which has its own inherent risks.
The ISO Solution
The ISO/IEC 27000 series of information security standards provides best practice recommendations for information security management systems. Professor Edward Humphreys, the convenor of the working group responsible for the development and maintenance of ISO/IEC 27001, says the most immediate challenge for quality professionals working within IT is being aware of the risks involved.
"Cloud computing is an example of a technology in which managers are largely unaware of the risks," he says. "People don't know where their data is kept, except that it's in the cloud. Physically, it could be anywhere - Philippines, America, Singapore or Bahrain. We have strong data protection and privacy regulations in Europe, but what if your data isn't being kept in Europe?"
More and more organizations are turning to the information security standard ISO/IEC 27001 to help manage their IT risks, with certification rates up by 40% in 2010. Edward says: "ISO/IEC 27001 can be used to get the whole management of IT all under one framework, so an organization isn't dealing with individual problems but one issue."
The most important thing in tackling information security is to understand the risks, explains Edward. "ISO/IEC 27000 standards are risk based; the idea being that an organization will perform a risk assessment to find out exactly what its problems are and then put the controls that are needed in place.
"If quality professionals can identify the risks involved, then their organizations will be better able to cope with problems if they occur."
Mr. Aurelio Macaraeg Jr., Mr. Sundaram Sagaran and Mr. Alfonso Ramos Jr.
Thank you very much.