Phy-gital Roundtable: Breakfast Roundup from Germany and Netherlands

02 May '15 | Debjyoti Paul

German Shoppers: Meet Them in the Fast Lane to Phy-gital

15 January '15 | Ralf Reich

Shoppers Will Share Personal Information (But They Don’t Want to be “Friends”)

15 January '15 | Anil Venkat

Modernize or Perish: Property and Casualty Insurers and IT Solutions

14 January '15 | Manesh Rajendran

Benelux Reaches the Phy-gital Tipping Point: Omnichannel Readiness is Crucial

13 January '15 | Anil Gandharve

The New Omnichannel Dynamic: Finding Core Principles Across Industries

13 January '15 | Debjyoti Paul

Technology does not disrupt business – CIO day 2014 Roundup

02 December '14 | Anshuman Singh

Apple Pay – The Best Is Yet To Come

02 December '14 | Indy Sawhney

Digital transformation is a business transformation enabled by technology

01 December '14 | Amit Varma

3 Stages of FATCA Testing and Quality Assurance

06 October '14 | Raman Suprajarama

3 Reasons why Apple Pay could dominate the payments space

18 September '14 | Gaurav Johri

Beacon of Hope: Serving Growth and Customer Satisfaction

05 August '14 | Debjyoti Paul

The Dos and Don’ts of Emerging Technologies Like iBeacon

30 July '14 | Debjyoti Paul

What You Sold Us On – eCommerce Award Finalist Selections

17 July '14 | Anshuman Singh

3 Steps to Getting Started with Microsoft Azure Cloud Services

04 June '14 | Koushik Ramani

8 Steps to Building a Successful Self Service Portal

03 June '14 | Giridhar LV

Innovation outsourced – a myth or a mirage or a truth staring at us?

13 January '14 | Ramesh Hosahalli

What does a mobile user want?

03 January '14 | Gopikrishna Aravindan

Enabling your Network Security controls with effective Governance, Risk & Compliance

Posted on: 16 September '10

It has always been about the business and not IT! That IT is a means toward achieving business objectives is as familiar as motherhood and apple pie. So also is the case with the role of Network Security Controls in achieving the Risk & Compliance objectives of your enterprise.

However, Network Security Controls seem to have lost their once dominant stature and place on the pedestal in the protection of today’s enterprise networks as the first line of defense. Increasingly, we see controls at the application layer being touted as that. Certainly, attack surfaces have changed and correspondingly, so have attack vectors.

It is therefore essential to get the overall picture, and to utilize Governance, Risk & Compliance (GRC) to tie Network Security Controls with business requirements. We need answers for the following:

  • Have application controls really taken up a new role?
  • Do Network Security Controls still matter?
  • What is the role of GRC?
  • How does one bridge Network Security Controls with the rest of the enterprise?
  • How does one get the most out of one’s Network Security Controls?

Governance-driven risk management helps one make better informed decisions based on business impact, and provides a mature platform to design and implement controls at various layers. Business risk-aware security provides for more effective data protection, continuity and privacy, and in turn paves way for effective and sustainable compliance. Without security, privacy becomes a question, and without either of them, compliance is a mirage.

Enabling your Network Security controls with effective Governance, Risk & Compliance

Knowledge about business processes, applications and data that are being protected will help strengthen the controls that are designed and implemented at the network infrastructure level. The IT general controls at the network level cannot afford to be treated as generic controls that are oblivious to the business requirements.

Strategies and tactics that aid this alignment are characterized by “always-on” or “connected” collaboration between IT and business stakeholders, and governed by Senior Management. The techniques and tools that facilitate this evolution are Governance, Risk & Compliance (GRC). In essence, Network Security Controls and GRC are tightly interlinked, and can be viewed from both a Tops-Down or Bottoms-Up perspective. In the next update, we will dwell into the answers for the questions listed above.

Mindtree Blog Archives

Mindtree blog Archives are a collection of blogs by various authors who have independently contributed as thought leaders in the past. We may or may not be in a position to get the authors to respond to your comments.