The need for Security Standards

Adoption of best practices and standards has become reflective of the style of management. Customers seek and look for companies that have adopted Standards and have a system that can demonstrate assurance of continuity and security.

The most fundamental objective of business (business continuity) has become a hot topic of conversation at board level, with organizations looking for a way both to minimize risk and to maintain continuity of business under any circumstances.

Mr. Ravindra NR, Certified ISMS Lead Assessor and Lead Tutor

Business is essentially the rotation of its assets: rotation with due care, ensuring that the assets are protected. The integrity, availability and confidentiality (security) of information about the organization's assets, business processes, methods and practices are what give it its critical edge and differentiation (effective efficiency) from its competition.

Technology has enabled information to be captured and made available at the right time and place, and to the right person. It has also allowed vast amounts of information to be processed, and has brought with it the vulnerability and ease with which information can be leaked and lost if secure practices are not adopted. Within the industry, information security and IT service management are no longer just an issue for IT managers.

In such a scenario, should adoption of secure practices be a matter of chance, left to the initiatives of individual managers? Or should it be considered a matter of significance, with assurance provided by the adoption of standards and best practices? The environment requires business organizations to increasingly adopt benchmarked practices (standards) and evolve from there.

Why standards?

Standards provide the link between great innovative ideas and tackling problems, enabling practical implementation. Standardization ensures agreement about basic essential characteristics, such as,

•  terminology
•  safety
•  performance
•  compatibility and
•  interoperability,

which are essential to bring great ideas to the market.

In fact, adoption of best practices and standards has become reflective of the style of management. In many competitive industry segments, such as banking and financial services and the services industry (call centres, BPO, KPO, ITES, etc.), it has become a measure of the confidence and assurance that customers and stakeholders place in the management. Customers seek and look for companies that have adopted standards and have a system that can demonstrate assurance of continuity and security. In some instances, it has become a key differentiator between companies.

Business today needs both technology service assurance and information security assurance, which can be achieved by adopting standards and best practices.

Security Standards

There are many standards and best practices that organizations can choose, deploy and adopt. However, business is about management. Today, there are only two management systems standards addressing,

•  Technology service management, and
•  Information security management.

The standards are essentially divided into two parts. Part 1 is the baseline specification against which an organization's practices are assessed and certified. Part 2 is the general set of practices, which are complementary to Part 1. This is an ISO (International Organization for Standardization) scheme of numbering the standards.

1. Information Technology Service Management System (ITMS)
Part 1 (The assessable and certifiable standard)
BS ISO/IEC 20000-1:2005 Information technology. Service management. Specification.

This specification defines the requirements for a service provider to deliver managed services. This standard promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements.

For an organization to function effectively, it has to identify and manage numerous linked activities. Co-ordinated integration and implementation of the service management processes provide ongoing control, greater efficiency and opportunities for continual improvement.

It may be used:

•  By businesses that are going out to tender for their services
•  To provide a consistent approach by all service providers in a supply chain and to benchmark IT service management
•  As the basis for an independent assessment
•  To demonstrate the ability to meet customer requirements and improve services

BS ISO/IEC 20000-1:2005 supersedes BS 15000-1:2002

Part 2 (Best Practices)
BS ISO/IEC 20000-2:2005 Information technology. Service management. Code of practice.

This code of practice describes the best practices for service management processes within the scope of BS ISO/IEC 20000-1. It represents an industry consensus on guidance to auditors and offers assistance to service providers planning service improvements or to be audited against BS ISO/IEC 20000-1:2005.

BS ISO/IEC 20000-2 recommends that service providers should adopt common terminology and a more consistent approach to service management. It gives a common basis for improvements in services and provides a framework for use by suppliers of service management tools.

BS ISO/IEC 20000-2:2005 supersedes BS 15000-2:2003