IT / IS SECURITY
Ownership . Practical . Effective
“Promoting Systems Integrity”
Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications which provide firewall information security and virus scanners are not enough on their own to protect information. A set of procedures and systems needs to be applied to effectively deter unauthorized access to information.
Companies face threats to their employees, systems, operations, and information every day. These threats include computer viruses, network attacks, fraud, industrial espionage, and even natural disasters.
“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
“Security must begin at the top of an organization. It is a leadership issue, and the chief executive must set the example. — heard at a security
“One of the tests of leadership is the ability to recognize a problem before it becomes an
10 questions to sensitize the IT / IS Security …
1. Does anyone in management identify a disgruntled employee before he does
any harm to the company’s business?
2. Is management aware of the current exposure on information security?
3. Would people recognize a security incident when they saw one? Would they ignore
it? Would they know what to do about it?
4. Does anyone know how many computers the company owns? Would management
know if some went missing?
5. Does anyone know how many people are using the organization’s systems? Does
anybody care whether they are allowed or not, or what they are doing?
6. Did the company suffer from the latest virus attack? How many did it have last year?
7. What are the most critical information assets of the enterprise? Does management
know where the enterprise is most vulnerable?
8. Is management concerned that company confidential information can be leaked?
9. Has the organization ever had its network security checked by a third party?
10. Is IT security a regular agenda item on IT management meetings?
Techserv is absolutely committed to helping people and
organizations grow and succeed. Guided by our fundamental
belief in integrity and professionalism, we promise the best
client experience. By applying our rich expertise and our
focused methodologies, we will provide honest advice to help
you reach your business objectives and transform challenges
into new possibilities.
OUR IT SECURITY ASSURANCE APPROACH IS DRIVEN BY …..
BUSINESS GOALS COBIT
Effectiveness: Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.
Efficiency: Concerns the provision of information through the optimal (most productive and economical) use of resources.
Confidentiality: Concerns the protection of sensitive information from unauthorized disclosure.
Integrity: Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations.
Availability: Relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Compliance: Deals with complying with the laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria as well as internal
Reliability: Relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.