Information Technology Reference
In-Depth Information
Security Technology
Strategy
100%
80%
75%
60%
94%
93%
Security Program
Administration
40%
Policy Development
and Enforcement
20%
0%
Information Security
and Procedures
Physical Security
100%
100%
Fig. 2. Information security processes in defense industry organization
As can be seen in Fig. 2, the organization has fully implemented processes about
information security and procedures, and physical security processes. On the other hand,
existing processes can only meet 75% of the requirements regarding security technology
strategy. It is also considered that most of the requirements regarding security program
administration (93%) and policy development and enforcement (94%) are covered by
the organization. The assessment tool also reveals that the organization is close to
completion of following required processes in terms of security technology strategy:
Periodical updates of the security technology strategy,
Review of existing systems,
Processes and procedures involving the security personnel in evaluating and
addressing any security impacts before the purchase or introduction of new
systems,
Identification of work processes for incompatible systems in terms of
information security,
Implementation of specific, documented, security related configuration
settings for all systems and applications,
Developments for patch management strategy, policy and procedures.
Assessment tool also reflects that the periodic evaluation of information security
and privacy program, and practices for each business unit is not fully implemented by
the organization. However, analysis on political development and updates are close to
completion in the organization.
Search WWH ::




Custom Search