Security and privacy are concerns at the forefront of every organization. Understanding security foundations better help you to implement a comprehensive security solution.
Application and data security are major concerns of information technology organizations today.
The combination of an evolving regulatory environment and threat landscape have put a burden on customer engagement and digital process automation teams. Critical business systems have become more interconnected and need to leverage increasingly sensitive data as regulations expand. Securing these systems against attack becomes critical to avoid negative customer perception and potential regulatory sanctions.
Defining security objectives
Security policies and standards are the framework used to define the requirements and controls. Our teams must comply to prevent unauthorized access to systems and mitigate attacks that negatively impact the confidentiality, integrity, and availability of our client environments. These types of events cost our clients time, money, and brand integrity.
The components of the Pega security framework include:
- Policies: The ground level requirements for relevant in-scope functions
- Standards: Detailed requirements for relevant in-scope functions
- Procedures: Documented guidelines and instructions to maintain compliance with the policies and standards
Pega operates a broad policy stack where corporate functions such as HR, legal, IT, and other relevant groups supporting the entire company maintain policies and standards applicable to the entire workforce and relevant subcontractors. Business groups then build on these policies and standards with additional requirements based on regulatory or contractual obligations in support of the business outcomes, however these cannot be defined in any less restrictive way than the corporate function policies.
Successful implementation of and compliance with the Pega security framework allows for:
- Access control: Prevention of unauthorized access to systems and data
- Availability control: Prevention of attacks on systems that degrade the confidentiality, integrity, or availability of Pega environments
- Audit management: Avoidance of costly and time-consuming audits to determine the source or impact of a security event
Confidentiality, integrity, and availability, is a model designed to guide policies for information security within an organization. The elements of the triad are considered the three most crucial components of security.