The implementation of information security in Software Development Companies in India must begin somewhere, and cannot happen overnight. Securing information assets
is in fact an incremental process that requires coordination, time, and
patience. Information security can begin as a grassroots effort in which
systems administrators attempt to improve the security of their systems.
IT companies in India often refer to this as a Bottom-Up Approach. The key
advantage of the bottom-up approach is the technical expertise of the
individual administrators. Working with information systems on a day-to-day
basis, these administrators possess in-depth knowledge that can greatly enhance
the development of an information security system. They know and understand the
threats to their systems and the mechanisms needed to protect them
successfully. Unfortunately, this approach seldom works, as it lacks a number
of critical features, such as participant support and organizational staying
power.
The Top-Down Approach, in which the project is initiated by
upper-level managers who issue policy, procedures and processes, dictate the
goals and expected outcomes, and determine accountability for each required
action, has a higher probability of success. This approach has strong
upper-management support, a dedicated champion, usually dedicated funding, a
clear planning and implementation process, and the means of influencing
organizational culture.
The most successful kind of top-down approach also involves
a formal development strategy referred to as a systems development life cycle.
For any organization-wide effort to succeed, however, management must buy into
and fully support it. The role played in this effort by the champion cannot be
overstated.
Typically, this champion is an executive, such as a Chief Information Officer (CIO), or the Vice President of Information Technology
(VP-IT), who moves the project forward, ensures that it is properly managed,
and pushes for acceptance throughout the organization. Without this high-level
support, many of the mid-level administrators fail to make time for the project
or dismiss it as a low priority.
Also critical to the success of this type of project is the
involvement and support of the end users. These individuals are most directly
affected by the process and outcome of the project and must be included in the
information security process. Key end users should be assigned to a
developmental team, known as the Joint Application Development team (JAD).
To succeed, the JAD must have staying power. It must be able
to survive employee turnover and should not be vulnerable to changes in the
personnel team that is developing the information security system. This means
the processes and procedures must be documented and integrated into the
organizational culture. They must be adopted and promoted by Software Development Companies in India. The organizational hierarchy and the bottom-up and top-down
approaches are illustrated in the figure below.
Figure: Approaches to Information Security Implementation. Source: http://www.ustudy.in/node/11832
Thanks for Sharing this post.
ISO 27001 lead auditor
thanks for your sharing.
Information security is very important for any business, and nowadays every business needs it. information security services