As organizations mature in security adherence and requirements, there is a gradual shift from focus on security through technology to securing the entire ecosystem. The principle behind this is the idea that ‘the weakest link in the chain determines the strength of the entire chain’. Ashish Dutta, Chief Security Officer at Tait Communications, discusses what goes into delivering robust Information Security solutions to mission critical organizations.
Cyber security attacks are now real, present, and increasing in both their frequency and sophistication. While it is sometimes suggested that critical industries cannot risk interrupting operations to retrofit appropriate security measures, governments are now determined to impose regulatory controls in order to protect national critical infrastructure.
This is an excerpt from an article featured in Connection Magazine issue 11 – download the magazine for the full article
Ashish Dutta, who has been with Tait since 2012, is an ISACA CISM® certified Information Security Manager with significant experience in the positioning, delivery and management of ICT managed services and information security.
To shed some light on the complex topic of information security, Ashish answers some fundamental questions on his area of expertise:
What is Information Security and why is it important?
Information security measures keep data and information safe and protected from any intentional or unintentional breaches. In order to meet this core requirement you need to secure the entire ecosystem that supports client operations – people, processes, products and suppliers.
Finally, there is an increased focus on protecting personal information, so organizations that hold such information about customers and suppliers are legally obliged to keep it protected from unauthorized access or transfer.
Why did Tait choose ISO27001 as its preferred standard?
ISO27001 is a comprehensive information security management system (ISMS) and one of the most widely accepted Information Security Standards in the world. ISO27001 provides a great model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS to ensure ‘sustained compliance’.
It provides a ‘risk based’ management system to help minimize possible harm to organizations by deliberate or accidental activities or events. This works well for Tait since we work with customers in different domains and can apply this standard regardless of industry or the tools being used.
What does it mean for our customers?
ISO27001 gives our customers independent verification that we have security systems in place and that they are functioning. It is becoming more common for “ISO27001 certification or equivalent” to be a standard requirement for suppliers.
Since Tait provides systems and services in the critical communications domain, external certification provides our customers with confidence that we will ensure confidentiality, integrity, and availability of their information across all domains – people, processes, locations, suppliers, and systems.
What are the services the Tait Security Team provides to our customers?
As an ISO27001 certified Service Partner, Tait follows a strict cyber security compliance regime across our Service offers in the market.
All Tait Service agreements carry a basic Security Advisory Service in which security advisories and suggested workarounds are provided to all customers. More advanced agreements provide a personalized approach to each customer, where the following services are provided:
- Secure Architecture Design
- Secure User Access
- Secure Network Components
- Secure Event Response
- Secure Operations & Training
- Customer Specific Requirements
Tait Security Services work along all phases of the typical customer lifecycle, and work alongside Tait Product Development, Sales and Services to ensure customer security expectations are well understood, designed to meet the offered solution, and adhered to in all support phases.
Can you describe the role of the Information Security Team within Tait?
The Tait Security Team supports various activities both internally to Tait and with customer specific requirements:
- Internal Compliance and Certification
- Internal Product Development and Testing Support
- Internal Information Security Operations
- Security Monitoring and Incident Management
- Security Advisories
How does security apply to us at Tait?
Of course, we could not offer a reliable Information Security service to customers without complying with best practices in our internal processes. This is why the entire Tait organization plays a part in ensuring there are no weak links in the chain.
“At Tait, we’ve always had a strong security culture, with a high degree of awareness among our people and commercial partners,” Ashish says. “We aim to continue this, and ensure we gain and retain all appropriate accreditations and that good security practices remain integral to our way of working in our offices, systems and products.”