In today's business, Information Security has a greater importance as part of the Risk Management strategy. Many efforts are taking place across the world, and many Information Security programs are evolving as a result. These programs address security not only as a technical component but also as a management practice. Business is growing faster, and this requires integrating security with business. This leads to developing programs that can strategically protect business information and assets.
This series of articles will focus on the requirement of addressing security as a strategic decision and will try to address the concerns of business owners and security professionals. Within these articles, you will find information from regulations such as Sarbanes-Oxley, HIPAA, FISMA and PCI Data Security, and from standards such as BS7799/ISO27001, COBIT, ITIL and ISM3. The series aims to bring together the interests of business owners and security professionals, and to identify business problems and potential solutions for them.
Many companies have initiated their Information Security programs; these initiatives come mainly through the information technology organization, and hence Information Security will remain a part of the IT organization. Some other companies are trying to identify the right reporting structure.
Another group of companies believes that the protection of information assets is a core business function and has strategic Information Security programs. For them, Information Security is part of their corporate strategy and is not an additional or add-on task. In such organizations, information protection is the responsibility of every employee. It is built into the culture of those organizations. In such organizations, information protection is not something in addition to their work; it is their work. Not for 8 hours, but 24 hours a day.