Security Management

There is no doubt that with the development of the Internet, and the "opening" of corporate IT systems to the outside world, the need for adequate IT security is a key concern of every enterprise.

Unfortunately, the topic of IT security is still very much a misunderstood "black art" with a mostly technical focus. When asked "do you think you are secure?" most CEOs and CFOs don't really know.

The implementation of adequate IT security means first of all ensuring that the risks have been understood in relation to actual business needs, and that there is a shared acceptance by both the business and IT of the security strategy. Second, there should be a balanced and complementary set of measures - i.e. people-oriented approaches and processes to support the technology solutions as well as the technology itself.

The ITWinners service approach focuses on three areas as follows:

• We start with the business involvement in IT security and make sure that at the top level in a company there is a transparent and agreed strategy for ensuring the security of the organisation's IT systems
  
  
• Then, using an agreed approach to risk assessment, we ensure that the security requirements have been defined in end business terms i.e. what level of security is needed, not how the security should be implemented. These are the required security service levels, based on risk and accepted cost.
  
  
• Then we assess the current level of security protection and identify where improvements are required, often quick wins based on a priority of risk reduction and ease of implementation.

If assistance is required with technical implementation, then we work with other specialist partners, and ensure that the technical solution remains aligned to real business requirements.