Managing IT Assets
Information Technology (IT) security management is a broad field of management related to asset management, physical security, information security, policies, standards, procedures, guidelines, access control, event management, disaster recovery, risk assessment, and threat management. Software tools and attention to managing the increased risk to information technology have mushroomed in recent years. The number of recorded incidents and the multitude of threat vectors continue to rise exponentially. IT security management is a subset of business continuity planning and takes its lead from risk management.
IBD principals provide security assessments and consulting as part of their IT assessment service. IBD’s approach, like all of IBD’s services, is flexible and customizable. IBD approaches its customers with the option to start with Level 1 security - laying the basic framework for security, which includes an assessment of basic elements like virus protection, IT policies, logon standards and asset management. Customers who wish to take information security to the next level, Level 2, make an investment in vulnerability scans and intrusion detection systems – a ‘hands-on’ approach. Finally, Level 3 involves setting up a security management system with security roles defined and regular IT audits.
IBD often leverages the (NSTISSC) National Security and Telecommunications and Information Systems Security Committee’s approach to information security assessment that presents a comprehensive model for information systems security assessment.