
Organizing & Managing Information Security in Product Enterprises

An excerpt from the forthcoming book “Organizing and Managing Insanely Great Products” by David Fradin with RN Prasad.


Hardly a day passes without reading about a data breach or cyber-attack at some business enterprise. It is believed that more than 75% of the companies with any digital presence across the world have been subject to a cyber-attack in some form.

According to British Telecom (BT):

  • Every 40 seconds a business falls victim to a ransomware attack
  • Cyber-criminals are creating, on average, 1.4 million phishing websites per month
  • BT alone detects more than 100,000 malware samples every day – more than once per second
  • On a typical day, there are 4,000 cyber-attacks
  • BT and its customers see 3 million suspect emails per month

We can conclude that no business enterprise leveraging digital technologies is safe. Nevertheless, the benefits of digital technologies, when used with the level of information protection appropriate for the industry environment, are far greater than the drawbacks of technology usage. Information security is one of the top five agendas of most business enterprises. Hence every product business enterprise looks at information security as a strategic imperative.

Information security (InfoSec) is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of enterprise information assets. Information security, also called by other terms like cybersecurity, is designed to protect the confidentiality, integrity, and availability of data stored in computer systems and other IT infrastructure, such as storage and communication networks, from those with malicious intentions. InfoSec is a set of strategies for managing the security-related processes, the tools needed for physical and digital security, and the policies necessary to prevent, detect, counter and recover from threats to digital and non-digital information.

For successful organization and management, the organization and its roles and responsibilities must take these factors into account. Failing to do so (take the department store Target, Equifax and the Democratic National Committee, for example) could have dire consequences for senior management, for the company (billions of dollars lost) and for society at large. The stakes are huge, and the organization must take that into account.

Information security breaches can cause severe damage to a business, even to the extent of closing it down. Some of the critical consequences of cybersecurity lapses include:

  • Loss of company’s customer data, preventing business continuity
  • Potential customer attrition
  • Lawsuits resulting from a violation of information protection conditions
  • Potential market crash / share price drops
  • Negative impact on brand image
  • Impact on individuals in executive positions, including imprisonment, and even on national elections
  • Revenue loss due to business interruption
  • Additional time & investment needed for business recovery
  • The increased cost of insurance & borrowing rates

Today, IT infrastructure has become complex and depends on several elements used to build and operate enterprise IT applications. These elements include data communication networks and networking devices, servers, storage devices (internal, external and network), database management systems (RDBMS, data warehouses, big data sources), data exchange software solutions, data replicas stored in disaster recovery sites and so on. Also, data needs to be protected both at rest and in motion. To handle overall information security, business enterprises tend to look at the layers in the system and apply the best options available at every layer of the infrastructure.


The layers are:

  • Network – Antivirus & anti-spyware software, VPN, firewall, etc. are used to prevent cyber-threats occurring at the data communication network level.
  • Operating System (OS) – Setting file/folder access permissions (read-only, etc.) and preventing users from running spurious programs are handled at the OS level.
  • Applications – Business applications provide user log-in controls, activity log, role-based permission capabilities.
  • Database – Robust RDBMS provides table level or even column-level access permissions, data encryption, and data masking capabilities to protect enterprise data.
  • Web server – Modern web applications are designed to be scalable and support thousands of users and still ensure performance. In order to balance the load, many servers work in parallel and users are typically confined to an allocated server.

Watching every layer of the IT infrastructure for possible intrusion is made possible with the help of specialized tools. There are tools available for handling information security at every layer and also in an integrated fashion. Today, machine learning and AI are used to predict fraud patterns and proactively prevent data breaches. Most business enterprises consider InfoSec a program involving people, technology and processes. Determining enterprise policies, training users, acquiring the right tools and establishing security governance are the typical steps taken to make an enterprise resilient to cyber-attacks.


Here is a quick look at the most common types of cyber-attacks and, consequently, the methods to deal with them. A cyber-attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.

The 10 most common cyber-attack types:

Cyber resilience is the ability to prepare for and adapt to changing information security conditions (attack types), withstand a cyberattack if it occurs, and recover rapidly from disruptions afterwards. This strategy focuses on the sensing, resisting and recovering phases of cybersecurity management. This holistic approach ensures proactive preventive measures using sophisticated tools and guaranteed fast recovery if a cyberattack occurs.

Business enterprises invest in a variety of initiatives to ensure information security. Corporate-level security awareness programs, robust security architecture, defined security governance policies, the inclusion of security specialists in IT application development teams, and up-to-date, appropriate software tools to monitor and resist attacks are common approaches to enterprise information security. Some of the common practices and principles include:

  • Not everything in the business enterprise needs to be protected at the highest level of security
  • Users who need to know specific information based on their role will ONLY have access to such information
  • All users are given minimum privileges to access business information
  • Maintain a continuous log of all activities, conduct audits, and attack drills
  • Run frequent tests (ethical hacking) to simulate possible cyberattacks and ensure resilience
  • Plan for failure using disaster recovery and business continuity services
  • Put in place multiple defense systems against security breaches so that an external hacker needs to have multiple strategies to break in

In summary, cybersecurity is a strategic and vital requirement of a product business enterprise. We will need the right talent, tools, processes, organization, and management to ensure continuous monitoring and quick action on observed anomalies.

David Fradin

