IT infrastructure and IT enabled services are used by management people in their organization for achieving leadership and excellent growth in their business. They try to automate as many activities of their business as they can and so they become more dependent on IT infrastructure. Hence, security and control of IT infrastructure inherently becomes a top priority and remains a big challenge for management.
We store large amount of data in electric form and access it using multi-tier client/server computing environment which becomes more vulnerable when we use Internet and Wireless Networks. The architecture of a Web-based application typically includes a Web Client, a server, corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Activities such as continuous analysis of security mechanisms, redefining of security policies and implementation of new security solutions becomes as important as the business processes of the organization. This paper suggests one additional functional area in the organization's business model and it has to be IT Infrastructure Security.
This paper also suggests a model for security management - Spiral Security Model. This spiral model for IT infrastructure security will be divided into 6 tasks and two regions. The two regions are - New Technology Implementation (NTI) and Existing Security Enhancement (ESE). For both the regions of the Spiral Model same six tasks will be followed: Communication, Planning, Risk Analysis, Engineering, Evaluation and Testing, and Feedback.