
Pillars of Security

Security is a continuous process. It involves people, policies, procedures, processes, and technology. These three categories can be considered the pillars of information security. These pillars of security and their interconnections are depicted in Figure 3-5.

Figure 3-5. The People, Processes, and Technology triad for information security

As we saw in the foregoing paragraphs, people are an important, unforgettable part of information security.

Effective information security involves the assignment of clear roles and responsibilities to people in any organization.


Without people there is no need for or possibility of any information security. On the one hand, people are the strongest pillar of information security. On the other hand, they may sometimes be the weakest pillar because of a lack of awareness or bad motives. They are easily prone to social engineering attacks or other malicious attacks. Hence, for strong information security, their awareness, vigilance, and positive involvement must be increased and ensured.

Organization of Information Security

Every organization creates its structure from a functional and administrative point of view. This is very important from the perspective of the efficiency and effectiveness of work, which allows an organization to grow. However, with the widespread use of computers, the Internet, reliable connectivity, new technologies, and awareness of these new technologies among children to adults, it has become increasingly important to assign roles and responsibilities from the perspective of information security. Effective implementation of information security provides the customers, the management of the organization (including the shareholders), the employees of the organization, and all other related stakeholders the requisite assurance about an organization.

In the context of an organization, it is not enough that only the top management is concerned about information security, but it is important to involve everybody down the line, including the receptionist, the security staff, and the housekeeping staff. This requires commitment from all levels of an organization to ensure the effectiveness of implementation of information security. As it is said, “The strength of a chain is only as good as its weakest link.”

With every passing day, organizations are acquiring more information processing facilities, off-the-shelf software, and customized software, and we know that our dependency on IT is only going to increase significantly in the coming years. Hence, it is necessary that we are proactively organized to plan and implement information security to protect ourselves, our customers, our partners, our suppliers, and other relevant stakeholders. We also need to organize ourselves to avoid, deter, prevent, detect, investigate, and overcome the issues related to information security or information security breaches.
