Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Information assurance (IA) is what
information security people do to try and
manage risks associated with information
and ...
Upcoming SlideShare
Loading in …5
×

BCS ITNow 201309 - Holistic Security

123 views

Published on

When it comes to information assurance you need to take a wide view of the issues, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

BCS ITNow 201309 - Holistic Security

  1. 1. Information assurance (IA) is what information security people do to try and manage risks associated with information and data. This covers the people, processes and systems that might access, store, process, and transmit it. It should be holistic, and focus on more than just technical security controls, taking on board strategic and organisational issues too. IA should consider governance and compliance issues alongside the risk ones, paying due regard to legal, regulatory and contractual compliance. It is not simply an IT or technical discipline where techies can work in isolation from the real world; often it requires a delicate balance when people and cultural conflict are possible, e.g. with BYOD. Other balances must be struck when considering aspects of privacy and transparency, weighing obligations against benefits and risks. A good IA professional tries to rarely say no, preferring to understand what the business is trying to achieve and then working collaboratively with it to arrive at a suitable method of getting the desired result. Those working in IA must continue to stay on top of standards and good practice, advances in technologies and emerging issues that may impact particular approaches and change risk profiles (e.g. online communications and cloud computing being targeted by foreign governments). INFORMATION SECURITY Most of all, they must engage positively with their business. Working in this space is both challenging, with everything continually developing, and rewarding, especially when playing a part in defending your organisation, client or country. www.bcs.org/security When it comes to information assurance you need to take a wide view of the issues, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group. Information Security Specialist Group (ISSG): www.bcs-issg.org.uk Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity FURTHER INFORMATION HOLISTIC SECURITY doi:10.1093/itnow/bwt043©2013TheBritishComputerSocietyImage:iStockPhoto/168767483 24 ITNOW September 2013 Agile Certified Professionals across the business can now demonstrate their ability to deliver greater value from their projects – with the global benchmark in agile capability. BCS Agile Certification pushes the boundaries in agile thinking and delivers the why, not just the how, of agile by bringing people together in an agile learning environment to tackle real-world business issues. It’s method-neutral, leaving you to decide on the agile approach that works best in your organisation. Enjoy successful agile projects and transform the way you do business. bcs.org/agilecertified BC291/LD/AD/0713 © BCS, The Chartered Institute for IT, is the business name of the British Computer Society (Registered charity no. 292786) 2013

×