Indra's Global Security Model
Divide and conquer. Julius Caesar's quote from ancient times proposes the most efficient way to confront complex situations and settings. However, when referring to security, we must do this through a holistic vision, where the whole is more than the sum of the parts. To this end, we must not forget that the ultimate goal of implementing adequate security controls, whether Information Security or of any other type, is merely to uphold the correct functioning of an organization so that it may wage its battle another day.
When organizations grow and go global, their security problems multiply exponentially, requiring them to strengthen the organization of this security as well as establish a Security Government. This backup capacitates the Corporate Government for strategic decision-making as needed to guarantee the organization's survival in accordance with its mission, vision and values.
Security at Indra is facing new challenges arising from changes in expansion on a global scale. Therefore, our goal of understanding and reducing the risks we are confronted with, both for our own organization as well as with regards to the services we offer our clients, requires supports. To this end, we are implementing the Global Security Model based on standards such as the ISO/IEC 38500 – Corporate Governance of IT and are adapting it to our model of relationships in vertical markets and geographies.
This Model, for managing information security in our international structure, is consolidated into a new function: the LISO (Local Information Security Officer) in charge of coordinating and managing security in the represented markets and subsidiary. This position counts with the support of the Global Security Committee of the parent company as well as the respective Committee of the subsidiary.
To adapt to our relational model, the committees have, at different levels, Global Market Representatives (GMR) and corporate Global Area Representatives (GAR) to ultimately comprise a Global Security Committee led by the CISO (Chief Information Security Officer). This global committee aligns the fulfilment of the Security Government's goals related with control which, as a strategic element, provide Indra with added value.
By applying this model in the different countries in which Indra is present, Security tasks may be carried out on a global scale while simultaneously satisfying subsidiary-specific requirements.
To facilitate and drive the implementation of the model in subsidiaries, the Security area is extending internal security services in accordance with standard ISO/IEC 20000. This capacitates us to favor change and extend awareness on IT Security to all persons who, across different markets, areas, subsidiaries and countries, strive daily for our organization to provide the best service to its clients one more day.