NGFW-Tech Half Battle In Orgs

I agree with the Governance people at ITgovernance:

Technology only addresses some of the potential Cybersecurity hurdles that a company may have.

The poster child of massive data breaches (Sony) was due to an internal breakdown, that plus previous documented failures show a lack of concern for  IT Governance.

In my mind I have a basic question, what is IT governance anyway? Neil Ford says that there are basic programs in the ISO 270001 Governance framework. Of course this is the promotion of their website – to have IT governance  solutions.


But I want to go over why we would need any kind of “Governance”  as I have experienced through a company going to ISO27001 a long time ago. It is a process of processes. going to ISO27001 means you will have a framework of processes and paperwork. the idea is that there are rules and implementations of processes, just in case you do not have them in place already, there is a path for you to create this methodology.

Actually has documents for ISO270001 which has Info tech — Security techniques — Information security management systems — requirements:

What is an ISMS?

{An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

It can help small, medium and large businesses in any sector keep information assets secure.}

This framework is a method to get your company secure from not just a Next gen firewall method, but internal controls as well.” The firewall protects from a purely network level.


Here is the primary reason for doing this: Internal controls in case an internal resource does something that goes against the company.

The criminal hacker is attempting to use your IT resources and you use a Next gen firewall among other defenses there:

But what about an internal employee doing something bad? then you must have Governance, which could mean ISO27001


You can view parts of the ISO27001:2013(en)  on their online browsing platform:

ISO is International Organization for Standardization (HQ in Geneva, Switzerland)

Information Security Management System (ISMS)

IEC (The International Electrotechnical Commission)




In my research I found this interesting mind map by  Peta Konsep Anak Bangsa:


This is a very good representation of what is needed in managing the processes of IT governance.


Hopefully this article has given you food for thought as to why you need #testforsecurity (in this case test your internal processes).


you can also read the following

Contact Us  as we can help.







2 thoughts on “NGFW-Tech Half Battle In Orgs”

Leave a Reply

Your email address will not be published. Required fields are marked *