1. Security Definition
Security is the method of shielding data and resources from unauthorized access. It keeps unauthorized persons from accessing data or files belonging to the organization, and so protects valuable information about the company (Tipton & Nozaki, 2007). In other words, security is vital in any organization: its role is to protect not only the company's information but also its assets against both internal and external threats. The defense mechanisms can include detection of, prevention of and response to these threats, using software tools and security policies.
2. Description of Security Organizations
Public sector security organizations
These are organizations responsible for designing security policies that all public and private sectors must follow. They are also responsible for establishing communication standards that provide security for information systems. Additionally, the major focus of public sector security organizations is to curb emerging threats and other security issues that may have a negative impact on the operation of businesses and the well-being of the people (Tipton & Nozaki, 2007).
Private/contract organization
These organizations carry out research on security and work with public organizations in implementing security policies and securing the resources of those organizations. Together with the public sector, private organizations identify threats and analyze vulnerabilities, and in turn mitigate risks and effects that can negatively affect an organization.
Proprietary organization
A proprietary security organization is responsible for the company at which its security personnel work. In other words, the organization's directors determine all the procedures and policies for the security providers. The directors are therefore able to control all the security operations conducted by the staff and other employees (Tipton & Nozaki, 2007).
Hybrid organization
It is like a trusted third-party service between organizations that want to communicate safely. These organizations design policies for authentication and secure communication between two or more companies (Tipton & Nozaki, 2007). By interconnecting with other companies, hybrid organizations protect the applications, data and infrastructure of the company from threats.
3. How a Security Professional Determines Security Needs and Impact
A security professional must identify the security needs required for an organization:
Confidentiality
A security professional has the role of securing data so that unauthorized persons cannot access the private matters of the company. Maintaining confidentiality is therefore essential in securing data from cryptanalytic attacks.
Authentication
Authentication ensures the identity of the host or client with which a server is communicating, and so keeps out intruders who may pose a threat to the company.
Integrity
Integrity is a service that ensures the correctness of data. It helps to understand errors that are prone to occur. Using message authentication codes helps to achieve both integrity and authentication of data.
4. Essential Functions of Security
Security provides confidentiality, integrity, authentication and non-repudiation. Non-repudiation is a service under which a sender or receiver cannot deny that a communication has taken place. Without non-repudiation, cyber crimes will increase. Confidentiality is achieved through encryption and decryption as means of protecting data, while authentication is achievable through digital signatures, passwords and OTPs (Tipton & Nozaki, 2007). Integrity, on the other hand, is achieved through digital signatures and message authentication codes.
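The following added example is not part of the original essay. It illustrates the message authentication codes mentioned under Integrity and in this section, using Python's standard `hmac` module with a constructed key and message, and shows that a MAC alone does not give non-repudiation because both parties hold the same key.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for illustration (not from the essay).
SHARED_KEY = secrets.token_bytes(32)
MESSAGE = b"transfer 100 to account 42"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    tag = make_tag(SHARED_KEY, MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")
    outsider_key = secrets.token_bytes(32)
    return {
        # Integrity and authentication: the untouched message verifies.
        "genuine_accepted": verify(SHARED_KEY, MESSAGE, tag),
        # Integrity: any change to the message invalidates the tag.
        "tampered_accepted": verify(SHARED_KEY, tampered, tag),
        # Authentication: a tag made without the shared key is rejected.
        "outsider_accepted": verify(
            SHARED_KEY, MESSAGE, make_tag(outsider_key, MESSAGE)
        ),
        # No non-repudiation: the receiver holds the same key and can
        # compute an identical tag, so the tag cannot prove who sent it.
        "receiver_can_reproduce_tag": make_tag(SHARED_KEY, MESSAGE) == tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Proving to a third party which side sent a message requires a digital signature, where only the sender holds the signing key.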
5. Security Management Goals
All security goals focus on three goals: confidentiality, integrity and authentication. With the CIA triad, the security management goals mentioned above are built on procedures and policies that are often called governance. In protecting the confidentiality of data, the management systems ensure that data does not land in the wrong hands, where it may become a threat to the organization. In preserving the integrity of data, security management has the role of ensuring that all information communicated is correct and up to date (Tipton & Nozaki, 2007).
6. Roles of a Security Manager
A security manager must monitor issues such as unauthorized access to systems, and take measures to prevent malware by installing antivirus software. He or she must also ensure that data is secured and updated from time to time, and stored in a recoverable state in case of loss (Tipton & Nozaki, 2007). Additionally, a security manager develops and implements all security-related policies, protocols and procedures. This ensures that the security officers recruited can effectively carry out operations in line with the organization's expectations and expenses.
References
Tipton, H. F., & Nozaki, M. K. (2007). Information Security Management Handbook. CRC Press.
Cite this page
Information Security Management Paper Example. (2022, Jul 07). Retrieved from https://proessays.net/essays/information-security-management-paper-example