Enabling your Network Security controls with effective Governance, Risk & Compliance
It has always been about the business and not IT! That IT is a means toward achieving business objectives is as familiar as motherhood and apple pie. The same holds for the role of Network Security Controls in achieving the Risk & Compliance objectives of your enterprise.
However, Network Security Controls seem to have lost their once-dominant place as the first line of defense in protecting today’s enterprise networks. Increasingly, we see controls at the application layer being touted as that first line. Certainly, attack surfaces have changed and, correspondingly, so have attack vectors.
It is therefore essential to get the overall picture, and to use Governance, Risk & Compliance (GRC) to tie Network Security Controls to business requirements. We need answers to the following questions:
• Have application controls really taken up a new role?
• Do Network Security Controls still matter?
• What is the role of GRC?
• How does one bridge Network Security Controls with the rest of the enterprise?
• How does one get the most out of one’s Network Security Controls?
Governance-driven risk management helps one make better-informed decisions based on business impact, and provides a mature platform to design and implement controls at various layers. Business risk-aware security provides for more effective data protection, continuity and privacy, and in turn paves the way for effective and sustainable compliance. Without security, privacy becomes a question, and without either of them, compliance is a mirage.

Knowledge about business processes, applications and data that are being protected will help strengthen the controls that are designed and implemented at the network infrastructure level. The IT general controls at the network level cannot afford to be treated as generic controls that are oblivious to the business requirements.
Strategies and tactics that aid this alignment are characterized by “always-on” or “connected” collaboration between IT and business stakeholders, and are governed by Senior Management. The techniques and tools that facilitate this evolution are those of Governance, Risk & Compliance (GRC). In essence, Network Security Controls and GRC are tightly interlinked, and can be viewed from either a Top-Down or a Bottom-Up perspective. In the next update, we will delve into the answers to the questions listed above.





MindTree Blog Archives
Subroto Bagchi






