Managing information security: an ongoing approach
Strengthening the level of security of an IT system involves a continuous approach: organisations evolve, players change and new vulnerabilities in software and systems are constantly appearing. In this context, strengthening the level of security requires organisation, structured resources and daily actions.
Simple principles:
- Conducting organisational and technical actions allows a certain "level of security" to be reached, which can always be improved.
- Strengthening the level of security requires effective means of control: any long-term approach is based on indicator dashboards that are understandable and readable by all players concerned, with indicators adapted to the specifics of each organisation.
- Strengthening one's level of security must be a source of profit: any organisation is entitled to reap the benefits of its effort and investments in information-systems security. These benefits may be of several types: marketing, reputation, efficiency of exchanges, etc. They must be measured and evaluated.