Thursday 19 March 2009

What is sufficient security?

I had a conversation with a partner yesterday about which level of security is sufficient. The first question is of course how to define a security level. I often hear people say things like "we accept a sufficient level of security rather than a high level of security." Then they often add, "we are not a bank and we do not need that kind of security." Every time I hear this I take a deep breath because I know I have a long discussion ahead of me. The sad thing is that most people who talk about sufficient security do not have a clue how to define security whatsoever.
I claim that in the simplest form security is digital: either you have it or you do not. On the other hand, any given environment is a complex beast, so from an architectural point of view total security is hard to achieve. So there is a need to compromise between the need for protection and what is possible. The only way to achieve a "sufficient security level" is to investigate which information is the most vital for the company, and then manage the access to that information. If the information is less sensitive, then more access can be granted (less security). If you do not do this, you do not have a clue whether your security level is sufficient (or insufficient).
Conclusion: It is not about which security system you buy; it is about what you want to protect and from whom.

3 comments:

Ess said...

And what really is vital requires some thought - but it can be a very interesting exercise.

I once heard about a major coffee shop chain who narrowed their critical infrastructure down to two items: the espresso machine and the cash register (which was tied in to the central bookkeeping system). As a consequence, each store is required to have two of those.

So, maybe the espresso machine and the registers aren't very cheap, but they know they don't need to waste money on doubling a lot of other things. And they know their priorities in case of trouble.

Goran Marby said...

That is a very good point; the hardest thing is to find out what is vital for you. But if you do not, how do you know what to protect?
