|
 |
| Our Services » Research » Completed Results |
Project CSP: Contemporary Challenges in Security and Privacy
Business Requirements for the Networked World
:: completed list main ::
The challenges of business and information security have been altered in the recent past by events as varied as the pervasiveness of the Internet, the growing popularity of open systems, the fall of companies such as Enron and WorldCom, and, of course, the terrorist attacks of 9/11. It's as though gunpowder has been invented and the castle's walls and moats are no longer a guarantee of security.
With information privacy, we've begun to see that different countries and cultures take diverse positions on safeguards. National and international legal systems are just beginning to formulate positions on the behaviors necessary for privacy protection in international commerce. Corporations are only now beginning to realize just how carefully they must safeguard their information - and how little control they may have over information they think is "theirs."
Information security is dependent not just on technologies, such as for controlled access or data encryption, but on individuals' understanding the roles and responsibilities that they have in handling information. Security and privacy are also determined by the nature and classification of the information with which businesses are working. Security provides the framework to manage information content, assign roles and responsibilities, and preserve the integrity and, as necessary, privacy of the information we handle.
Content management have taken on new importance in how we manage the information inside our companies. To manage content - the information we use both internally and externally to power our knowledge-driven organizations - we must have clear categorizations related to the business, regulatory, and legal aspects of the information we handle. Metadata, or the data that tells us the characteristics of the information we are handling, is now critical for information systems to store and retrieve information for the right people with the right levels of security.
Similarly, identity management today goes far beyond simply granting access to the corporate network or a specific set of applications. "Single sign-on," the holy grail of the past, has now given way to the reality that, with network access and mobile devices proliferating, we will have to tackle not only authorization, but authentication, validation, and auditability of people, processes and systems for handling information.
This Re.sults® report discusses the main features of the security and privacy landscape and offers key signposts for management. It makes regular reference to the technologies for supporting information security and privacy, but traversing the landscape requires a far broader business program of individual responsibilities, dedicated security functions, management processes, and education and awareness initiatives. We explore these components as a means of providing your business with the opportunity to find the most effective path to security and privacy, both now and in the future.
|
|
