The IT Sector provides products and services that support the efficient operation of today’s global information-based society and are integral to the operations and services provided by other critical infrastructure Sectors.
Government and industry partnership is critical to creating a continuous risk reduction system across a sector as large and diverse as the IT sector.
The IT sector functions encompass the full set of processes involved in creating IT products and services, including Research and Development, manufacturing, distribution, upgrades and maintenance.
With critical infrastructure protection being the primary concern, the IT sector’s vision is to “achieve a sustained reduction in the impact of incidents on the sector’s critical functions.”
- To provide IT products & services
- To provide incident management capabilities
- To provide domain name resolution services
- To provide identity management & associated trust support services
- To provide internet-based content, information and services
- To provide internet routing, access and connection services
Assurance is essential to achieving the sector’s vision and is therefore a fundamental aspect of all critical functions.
The functions are not limited by geographic or political boundaries, further defining its virtual and distributed nature. This distribution highlights the increasing need for international collaboration and coordination for risk assessment activities, effective security practices, and protective program design and implementation. Additionally, the critical functions may be developed and maintained by small, medium, or large companies with varied resources and capabilities highlighting the need for risk management strategies and protective programs that map and scale to a wide range of needs.
The IT Sector uses its methodology and approach to evaluate risk across its critical functions and develop risk mitigation strategies for the risks of greatest concern. Creating awareness around the risk mitigation strategies allows the IT sector to promote resilience to its stakeholders at the sector level.
The assurance and integrity of IT Products and Services has become a critical issue within most types of organizations, and finding better ways to address the topic has become one of the IT Sector’s joint priorities. Sharing and leveraging software assurance knowledge is becoming a key enabler to making the types of changes and improvements that are needed to address supply chain risk.
The Information Technology sector is central to the global security, economy, and public health and safety as businesses, governments, academia, and private citizens are increasingly dependent upon Information Technology Sector functions. These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and—in collaboration with the communications sector—the Internet. The sector’s complex and dynamic environment makes identifying threats and assessing vulnerabilities difficult and requires that these tasks be addressed in a collaborative and creative fashion.
To learn more about the ISO 27001 & ISO 22301 write to info@fwqrc