Information security is no longer a “good to have”, but a “need to have”. Security mechanisms have become vital members of companies’ system architecture as more and more data are being digitalised, and business workflows and transactions are carried out on the network backbone. Moreover, users are becoming more and more concern with security threats. Information is the greatest assets to any organizations, those whom fail to secure their information won’t expect anything less than failing in their business.
Does simply introducing security mechanism to organizations’ system architecture really improve security?
Certainly, it helps the business reputation to shows that they take security matters seriously by implementing security mechanisms in their system. But, is it equivalent to taking assets security seriously?
The underline of security is asking yourselves: what are you defending from and against? In most cases, you implement security mechanisms to protect your assets. It has been the principle of security since many centuries ago. Defining your goals/objectives, set your priorities, and addressing your assets is vital. You do not want to allocate huge amount of resources to protect your secondary assets, and pay little attention to your primary assets. Having your primary assets less secured that your secondary’s one is a great treat to your adversaries.