Information Security program for organizations: is it necessary?

In an age when most of us spend most of our time online, a great amount of business and personal information is being generated. ‘Information Security’ is the practice of protecting that business or personal information using a combination of programs, software and concepts. ‘Information is power’ goes the popular adage, and securing it is one of the most pressing issues facing InfoSec professionals today.

In the current business scenario, “security” should never be an afterthought; it should be incorporated into the corporate strategy, scaled to the size of the organization. For most of us, often without realising it, security is already a part of our lives. “Protecting Tweets” on Twitter, choosing privacy settings on social media platforms, installing anti-virus programs, working with firewalls, using backup software and installing CCTV cameras are all examples of security elements in our lives.

Let us first look at the three tenets of Information Security, followed by the broad elements of an Information Security program.

Three tenets of Information Security

The three tenets of Information Security are Confidentiality, Integrity and Availability. Together they are popularly known as the CIA triad.

‘Confidentiality’ ensures that transmitted information is readable only by the intended recipient. It is enforced through mechanisms such as encryption and access control.

‘Integrity’ is making sure that information is not manipulated in transit. In online transactions, for example, it is imperative that the credit card information being sent is not modified or sniffed.

‘Availability’ is making sure that information is accessible whenever it is needed. Any disruption to the availability of information must be investigated quickly so that the productivity of the organization does not suffer.
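Confidentiality and integrity are the two tenets that can be demonstrated directly in code. The following added example (not from the original article) shows the pattern a receiver uses to detect a message that was modified in transit: the sender encrypts the record and appends an HMAC tag over the ciphertext, and the receiver refuses to decrypt anything whose tag does not verify. The keystream construction here (HMAC-SHA256 in counter mode) is an educational stand-in so the example runs with only the Python standard library; in production you would use a vetted authenticated cipher such as AES-GCM or ChaCha20-Poly1305. The key and the record are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN = 16  # bytes of per-message nonce prepended to the ciphertext
TAG_LEN = 32    # HMAC-SHA256 tag appended to the ciphertext


class IntegrityError(Exception):
    """Raised when the integrity tag does not match: the message was altered."""


def derive_keys(master_key: bytes) -> Tuple[bytes, bytes]:
    # Separate keys for encryption and authentication derived from one master key
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Educational keystream: HMAC-SHA256(enc_key, nonce || counter), block by block.
    # Not a production cipher; it only stands in for AES-CTR so the demo is stdlib-only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def protect(master_key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Confidentiality (encrypt) then integrity (tag over nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(master_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Any modification is rejected."""
    enc_key, mac_key = derive_keys(master_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise IntegrityError("message too short to carry a nonce and tag")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # compare_digest avoids leaking the tag through timing differences
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("tag mismatch: message was modified in transit")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(master_key: bytes, blob: bytes, byte_index: int) -> bool:
    """Flip one bit of the transmitted blob and report whether the receiver rejects it."""
    modified = bytearray(blob)
    modified[byte_index] ^= 0x01
    try:
        unprotect(master_key, bytes(modified))
        return False
    except IntegrityError:
        return True


if __name__ == "__main__":
    key = b"constructed-demo-master-key-32by"          # constructed sample, not a real secret
    record = b"amount=42.00;account=constructed-sample"  # constructed sample transaction
    blob = protect(key, record)
    print("round trip ok:", unprotect(key, blob) == record)
    print("bit flip in ciphertext detected:", tamper_detected(key, blob, NONCE_LEN + 3))
    print("bit flip in tag detected:", tamper_detected(key, blob, len(blob) - 1))
```

The order matters: the tag is checked before any decryption happens, so a modified message never reaches the application logic, and a bit flip anywhere in the nonce, ciphertext or tag is rejected.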


Each organization, big or small, upholds one or more of these security objectives in its own way.

Elements of an information security program:

It is a common misconception that implementing “security” measures and adopting security precautions or assessments is only for bigger organizations. “Security” might not have been an integral part of the corporate structure 20 years ago, but it is a necessity in today’s online world. Security strategies protect product information, customer information, financial information and employee information. These are the broad elements of an information security program:

  1. Plan and organize
  2. Implement
  3. Operate and Maintain
  4. Monitor and Evaluate

“Planning and organizing” broadly involves getting upper-management support for the security programs that need to be implemented in an organization. It also involves creating a threat profile and performing a risk assessment.

A security program is “implemented” by assigning roles to different people, creating policies, procedures and guidelines, and defining SLAs.

The security program is “operated and maintained” by performing audits and making sure that operations still align with the security goals the company set out initially.

“Monitoring and evaluating” recognises that a security program is a continuous life cycle: it must be monitored and revised to keep up with changing threats and changing times.

Not all of these steps may be necessary for every organization, but a security consultant can always be engaged to assess the situation and create a security plan. This in turn contributes to a safer virtual world.


About Pavan Gumaste

Pavan Rao is a programmer and developer by profession and a cloud computing professional by choice, with in-depth knowledge of AWS, Azure and Google Cloud Platform. He helps organisations figure out what to build, ensures successful delivery, and incorporates user learning to improve the strategy and product further.
