Information Security Management (ISM)

The dictionary describes security as "a secure condition or feeling; a thing that guards or guarantees".

AS/NZS 4444 / ISO 17799 describe information security as the "Preservation of confidentiality, integrity and availability of information".

All organisations understand the need for information security. But how much is enough? Too much can be both costly and a hindrance to business, while too little can leave an organisation exposed to major threats. Too often we only recognise the need for security after a disaster. Achieving the right balance is essential if an organisation is to flourish.

Information Security Management (ISM) represents the application of key security building blocks to proactively manage security within an organisation. ISM encompasses analysis, development and the ongoing management of security.

Read all about the Linus Methodology and how it relates to the International standards here.

The LINUS Approach - from Strategy to Implementation

The LINUS - ISM Framework is a modular, true end-to-end approach, allowing the application of tailored solutions specific to each organisation's needs. The framework is broken into three phases as described below (refer to the illustration). This approach produces a comprehensive business case at each stage.

The LINUS ISM Framework

Analysis

  • Establish objectives, select the necessary framework stages and develop a project plan

  • Determine the sensitivity of information and the environment it will be accessed from

  • Select the most cost-effective generic mechanisms and controls.

Development

  • Architect and design how these mechanisms and controls will be accommodated within the organisation

  • Evaluate the most cost-effective products or solutions

  • Implementation activities including configuration, testing and migration of data.

Management

  • Define the structure to effectively manage and support security within the organisation

  • Develop supporting Policy, Standards and Guidelines

  • Ensure all employees are aware of their security obligations

  • Ongoing monitoring and review.

Importance of Each Phase

Each organisation will be at a different level of maturity; however, each phase is essential for an effective solution, i.e.:

  • There is no point building in sophisticated security where there is no need - without proper analysis, it is easy to overshoot or undershoot your needs

  • Incorporating the appropriate security stages within the systems development life cycle will ensure important design decisions are made up front, before costly development decisions are made

  • Without good management, even the most sophisticated solutions can come unstuck.

For more information on the Linus Optimal Information Security (LOIS) Methodology read here.

     

© LINUS Information Security Solutions Pty Ltd - All Rights Reserved