If people, process and technology are the ingredients of sound security, process is the glue that holds it together. Organizations must be careful that they do not become process bound; however, the absence of sufficient process will result in inefficiencies, loss of economies and the denigration of security investment.
To achieve balanced security, so that there are no weak links in the chain, there must be process in the areas of personnel and physical security as well as IT security; personnel screening is an example. IT-driven processes such as the methodology for conducting security risk management Threat and Risk Assessments (TRAs), change control, escalation processes for incident management, a process for the evaluation of trusted and cryptographic products, system certification and accreditation, the inclusion of security in business continuity plans and the inclusion of security within System Development Life Cycle (SDLC) methodology are but a few of the processes that must be in place to ensure adequate security is maintained throughout IT system life cycles.
The integration of security risk management with processes such as change control, SDLC, project management and Privacy Impact Assessments (PIAs) is necessary if efficiencies and cost-effective solutions are to result. The most prevalent example is the integration of TRAs, PIAs, classification schema, policy assurance models, safeguards identification and selection, and system certification and accreditation.
Outsourcing is becoming a necessity in many organizations as they work with strategic partners to meet their objectives. IT infrastructure and computing are two prevalent areas that are often outsourced. If the flow-down of enterprise security policy and standards is not captured in outsourcing arrangements and Service Level Agreements (SLAs), organizations may be at risk and will be found liable if an incident occurs.
PDR Global Inc. consultants understand the interdependencies and the linkages that are needed among and between processes to achieve success. They will work with clients to adjust processes with minimal impact to an organization.