The 7 Elements of information security
The name 7 Elements reflects our belief that there are seven core activities required within an organisation’s approach to information security. Only by implementing all seven can an organisation truly deliver a holistic and resilient approach to information security, and one that will enable it to meet its businesses objectives and in the end, survive.
Design | Build | Manage | Embed | Adapt | Sustain | Assure
The first six elements provide the foundations required for a resilient approach to security:
Design: Within this element we need to define the organisation’s architecture, policies and standards to deliver a resilient approach to information security.
Build: Next we need to deploy systems and infrastructure that meet your design and protect your organisation’s information.
Manage: On-going management is then required to ensure that your systems are operated securely and new projects align with your security design. This element can also include the management of complex security testing engagements.
Embed: Embedding security strategy, culture and awareness into your business processes is vital to the overall organisational approach to security.
Adapt: We do not live in a static environment, thus it is vital that we can respond to changes within the threat landscape with regular reviews and updates that inform all of the elements.
Sustain: Incidents will happen, both malicious and unintentional, so there is a need to deliver business resilience through incident management and resiliency testing.
This then brings us to what we feel is the most important and often neglected element required.
Assure: The 7th element is all about gaining assurance over any aspect of your approach to security, through practical and pragmatic security testing. Many organisations will focus on aspects of the other elements and fail to gain assurance that their approach actually provides the level of protection required and as such could expose the organisation to hidden risks.