The Information Ecosystem

Home | Contact us | Sitemap

Home > Secure your Organisation > The Information Ecosystem

Secure Your Organisation

Safeguarding Intellectual Capital is a complex business. Information rests in many parts of the organization and in many different forms. Thinking about InfoSec usually invokes terms such as firewall, IDS, Anti-virus etc, but these are just a part of the whole picture. They address 'IT' Security Not Information Security.

Over 70% of the information (even in highly digitized organizations) exists in traditional form of paper, faxes, in the heads of people!! Depending on IT security to safeguard them could prove to be a costly fallacy.

An 'Information Ecosystem©' consists of People, Processes and the Technology that connects them.

Processes: A fundamentally ill-designed process, is a basic breach, no matter how much of security cover is thrown around it. Other issues concerning processes are the existence of parallel undocumented 'processes' , process integration issues and the non-adherence to those laid down.

People: Poorly trained people will manage to create cracks in the securest of systems. Countless breaches have reiterated the fact that the weakest link in the system is the man behind the machine. It is ironic that organizations spend hundreds of thousands of dollars on implementing secure technologies which are rendered useless because the users do not appreciate the why or understand the how of the system.

Technology: Organizations usually turn to technology to solve their perceived InfoSec problem. Truth is, that without addressing the above two areas, investment in technology provides little or no returns. And that happens because pure technology solutions ignore the fact that the attacker is in the game for the effect, not the experience. He is concerned with getting behind the defenses - not necessarily through the defenses.

However the issue of InfoSec does not end here. The 'Information Ecosystem' includes several other agencies like business partners, customers, service providers, regulatory bodies etc. Each one of them has the potential to become a weak link and jeopordise the security of the entire system.

Accordingly, a very unique skill set is needed to address the ecosystem as a whole. These include, in-depth understanding of technology, business processes, professional profiling, forensic techniques, behavioral psychology, and the ability to think through the attacker's approach.

MSSG realizes that any InfoSec initiative must get the complete buyin of all participants in the 'Information Ecosystem'. It is also essential to quantify - upfront - the total cost of ownership of the initiative, so that InfoSec is not perceived purely as a cost centre. This means that the stakeholders must see a clear return for every dollar spent in terms of reduction of risk and enhancement of efficiency.