I have designed the following guide with steps to follow in managing and monitoring information technology and information security. Its objectives are to enable a manager to make proper decisions on important business components concerning information technology, to manage risks, and to measure the adequacy of security audits. The material gives an overview of the most effective procedure for implementing a government-based Enterprise Security Program: (i) establishing information security teams, (ii) building and managing an information asset, (iii) implementing regulatory compliance and proper standards, (iv) building an incident management and disaster recovery plan, and (v) conducting audits.
The growth of today's technologies, regulatory bodies, security threats and business processes poses a threat to every business. A failure of information security means a probability of severe impact on the business as well as its credibility. In the current world, information must meet three information security tenets: integrity, availability and confidentiality (Walton, 2002). Availability means that information reaches those who need it in a timely manner, while integrity means that the information is complete and secure from tampering by malicious agents. Confidentiality means the information must be safeguarded and made secure from unauthorized access. The following are some of the tenets a manager has to enact.
First, establishing information security teams is essential. It is very important to choose the right personnel to embark on any corporate journey. This team is responsible for drawing up the business's mission, objectives and goals. It also maintains the top security of the enterprise security program, manages IT assets, and assesses threats and vulnerabilities.
The second step is to build and manage an information asset, which starts with managing an inventory. This inventory must document hardware, applications and information assets. The third step involves deciding on regulatory compliance and standards. Regulations are norms and mandatory legal requirements. A good example in healthcare is the Health Insurance Portability and Accountability Act. Payment Card Industry is an example of a standard. Policies and regulations are set to ensure every division pays for its service accordingly, despite the fact that all share a common information infrastructure.
Building an incident management and disaster recovery plan is another crucial step that must be followed. The security of the managed assets may be breached and data may be deleted unintentionally; these incidents therefore require a sound response plan. The final step is to conduct audits. Internal audits monitor and make sure that the set policies and procedures are firmly held in position and are as effective as possible.
I recommend that the team make effective changes to improve the business security of the organization by ensuring sound consistency. The set rules and regulations of the enterprise security program should be adhered to by every worker in the business organization; ensuring proper governance of these rules is therefore an important aspect to be considered.
Walton, J. P. (2002, November). Developing an enterprise information security policy. In Proceedings of the 30th annual ACM SIGUCCS conference on User services (pp. 153-156). ACM.