Enterprise Information Security is receiving a lot of attention these days. Especially with the wide reach of media and Internet, Enterprise Information Security Incidents get maximum coverage in no time.

Enterprises and government entities are under continuous attack and many of them have no clue on how to take this forward. These attacks range from website defacement to financial fraud to Internet worms and viruses. Exploitability of the common software programs such as Java run time, Internet browsers and adobe reader etc… are increasing in an alarming way.

Being Information Security professionals working with enterprises and governments, how do we get this straight?

The fastest way to progress in ensuring enterprise information security is  by identifying the threats to the enterprise information security. Key areas to look for are:

• What is the business model and architecture of the organization?
• What is the information architecture? How does it change hands?
• What is the technology architecture?
• How is that being currently protected? What security architecture would help further protection

Once we have these information, it gives an advantage on how to proceed further with the implementation or enhancement of enterprise information security.

The next next would be to build an information security architecture based on the Defence in Depth principals

Key Components of Defense-in-Depth based security architecture includes:

• Compliance Management
• Risk Management
• Identity Management
• Authorization Management
• Accountability Management
• Availability Management
• Configuration Management
• Incident Management

These components can be split into multiple sectors like

• Administrative controls

Enterprise Information Security policies, procedures and other documentations.

• Physical Security controls

Physical Access controls to the information and information processing areas

• Technology control components

The IT Security controls needed for the implementation of enterprise information security

The role of information security in the business world is increasing and has never been so important. Failure to ensure enterprise information security is more costly and /or more subject to public scrutiny. Your organization is compared with other organizations as to how secure are the other organizations than yours when there is a security incident, which leads to a brand reputation issue.

Every organization shall embrace the practices to ensure that the Enterprise Information Security is ensured

What are the challenges you have faced in implementing Enterprise Information Security?