
Estimating Software – Security

               Introduction

               Data and information are quintessential to corporate success in the global operating environment.

               While companies take different approaches to maximising profits and minimising losses, having the
               right information at the right time can be the difference between success and failure.
               Collecting, storing, managing and securing information is critical and ensuring the confidentiality,
               integrity and availability (CIA) of this information is a fundamental business practice. Legal compliance,
               reputation, cash flow and profitability all rely on having good information security; your estimating
               practice is at the core of your operations and the intellectual property (IP) it contains should also be
               protected.
               For many companies, succeeding in this new and expanding operating environment will require
               rethinking past decisions, assumptions and practices and focussing more on identifying risks and
               implementing security measures to minimise these risks.
               This document presents material to address the issues of information security relating to your
               estimating practice and outlines how your company can protect your valuable business asset by using
               best practice principles and corporate governance.

               It describes what information security is, why it is important and how to implement an appropriate
               information security solution.


               CIA Triad of Information Security

               The main objectives of information security, the CIA triad (confidentiality, integrity and
               availability), provide a baseline standard for evaluation and implementation.

                •  Confidentiality ensures that data or an information system is accessed only by an authorised person
                •  Integrity assures that the data or information system can be trusted
                •  Availability means that data and information are available when required
               All information security measures strive to address at least one if not all three of these objectives.


               Access Control


               In addition to its people, a company’s most valuable asset is its intellectual property. Every
               corporation has a wealth of internal data that may differentiate it from competitors. As the business
               grows, so too does the importance of this intangible asset, so securing this IP is vitally important.

               It is widely acknowledged that corporate information security is complex, dynamic, and challenging.
               However, despite this complexity, it is fundamentally important to protect the confidentiality,
               integrity and availability of this data.


               Access control provides the basic building blocks for enabling information security and is the
               foundation upon which all security efforts are based. Access control is the process of allowing only
               authorised users, programs or other systems to connect with or modify the resources of a system.


