In the beginning
When rolling out new information technology (IT) systems, many organizations often first focus ondeveloping the solution and then addressing any critical information security concerns. Such an approach leaves can create significant gaps between what the system does and how it protects data and users. More important, this approach can compromise the system's overall functionality. This article--authored by the founder of London's IT security firm Turnkey Consulting--outlines five suggestions for successfully addressing IT security issues and integrating security-related functionality into an IT system's foundation. In doing so, it describes the dangers of failing to address IT security functions while developing an IT system. It looks at why IT security specialists must understand the business roles and activities that each user will play, why business leaders need training in understanding their organization's particular IT security standards, and why IT system developers need to understand each business's particular IT-related security concerns. It also explains why continuously testing is critical to developing IT systems, noting how such testing can provide users with the functionality they need and businesses with the security they require.