- Posted by fedco
- On January 8, 2015
- it security
The term Information Technology security is actually a broad term that can cover a lot of things, from network infrastructure into personal internet security.
As the fundamental approach, we can divide the Information Technology security into two main domain, there are:
1. Corporate Domain
2. Personal Domain
More or less the corporate domain of Information Technology security will then drive the personal domain. Especially for the company that has strong policy in place and established security standard, the security environment of each individual within this type of organization already established well, but still there is no guarantee everybody will then comply with the security governance based on the standard, but at least the common approach in the Information Technology security assurance already aligned and synchronised well.
Information Technology Security Governance
The Information Technology security governance within an organization commonly is developed by using top-down approach, it means that the organization will push the framework and the essence of having IT security assurance to support the business continuity and operations. By doing this approach then all entities within the organization should obey the governed policy and standard. The trigger to the top level management to put some concern on this implementation can be came from the security incident, security lesson learned, fatal losses of the company due to security breach, or from the major/essential input from the employee itself.
The second approach is by using the bottom-up. The sounding of the importance and urgency of having security IT environment and practice is developed from the bottom level of organization (commonly from the employee itself). The input came that came from the employee will then leveraged to the higher level management, and then it can be formalised into the corporate standard and policy.
Sooner or later the security assurance in Information Technology environment will be one of the urgent and important thing for the organization especially for the company that plays at the critical infrastructure industry (such as energy, mining, power plant, nuclear, etc.).
Don’t wait until the security incident happens, but prepare the best before it occur.