An information security management system is a formal, controlled set of processes and procedures dealing with the management of information security within an organization. The implementation of such a security system is a key step that any organization in possession of valuable information assets should consider. Information is the most important strategic asset an organization has at its disposal. Therefore, it is critical that any systems holding that information be protected against the threat of loss, theft, or damage. One way this protection can be accomplished is through the use of an Information Security and Management framework.

Security controls are implemented and maintained to address the three interdependent principles present in all programs: Confidentiality, Integrity and Availability, also known as the "CIA triad." Management support is one of the most important factors for the success of the security program. To achieve the desired results of the security program, an organization must communicate the "what, how and why" of security to their employees. This awareness should be comprehensive, tailored, and organization-wide.

Lack of a proper Security framework can be very expensive. In the 2008 Ponemon Institute benchmark study, costs incurred by 43 organizations after experiencing a data breach were examined. Breaches included in the survey ranged from less than 4,200 records to more than 113,000 records from 17 different industry sectors. Some key findings were:

- The total average costs of a data breach grew to $202 per record compromised, an increase of 2.5 percent since 2007 ($197 per record) and 11 percent compared to 2006 ($182 per record).
- The average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million.
- The cost of lost business continued to be the most costly effect of a breach averaging $4.59 million or $139 per record compromised.
- Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study.
- Breaches by third-party organizations such as outsourcers, contractors, consultants, and business partners were reported by 44 percent of respondents, up from 40 percent in 2007, up from 29 percent in 2006 and 21 percent in 2005.
- Per-victim cost for third-party problems is $52 higher (e.g., $231 vs. $179) than if the breach is internally caused.
- Data breaches experienced by "first timers" are more expensive than those experienced by organizations that have had previous data breaches. Per-victim cost for a first-time data breach is $243 vs. $192 for experienced companies.
- More than 84% of all cases in this year's study involved organizations that had more than one major data breach.

Information Security Management is about the protection of information assets from potential security breaches. It starts with reviewing risks and setting policies, processes and controls, and continues with implementing them throughout the organization. Managed firewall, IDS, HIDS, Vulnerability Scanning, Email and Spam filtering, Remote backup and recovery, Web content filtering, PCI scanning, Hosted exchange, Phishing and Pharming are some of the security services that are required to safeguard crucial data in an organization.

All these services are provided by KRAA Security under categories such as user defense, intrusion defense, vulnerability defense, systems defense, and network defense. KRAA Security is a professionally managed security consultancy that provides customized security solutions for business enterprises at reasonable costs. To use their services, an enterprise has to incur an initial cost and thereafter low monthly recurring costs. This leads to savings for the enterprise which can be used for other purposes. Please visit the site www.kraasecurity.com for more details.