Information Security Management Paper Example

Paper Type:  Essay
Pages:  3
Wordcount:  719 Words
Date:  2022-07-07

1. Security Definition

Security is the method of shielding data and resources from unauthorized access. It prevents unauthorized persons from accessing data or files that belong to the organization, and so protects valuable information about the company (Tipton & Nozaki, 2007). In other words, security is vital in any organization, where its role is to protect not only the company's information but also its assets against both internal and external threats. The defense mechanisms can include detection of, prevention of, and response to these threats using software tools and security policies.

2. Description of Security Organizations

Public sector security organizations

These organizations are responsible for designing security policies that must be followed by all public and private sectors. They are also responsible for establishing communication standards that provide security for information systems. Additionally, the major focus of public sector security organizations is to curb emerging threats and other security issues that may have a negative impact on the operation of businesses and the well-being of the people (Tipton & Nozaki, 2007).

Private/contract organization

These organizations carry out research on security and work with public organizations to implement security policies and to secure the resources of those organizations. Together with the public sector, private organizations identify threats and analyze vulnerabilities, and in turn mitigate risks and effects that can negatively affect an organization.

Proprietary organization

A proprietary organization is responsible for the company at which its security personnel work. In other words, the organization's directors determine all the procedures and policies for the security providers. In this case, the directors are able to control all the security operations conducted by the staff and other employees (Tipton & Nozaki, 2007).

Hybrid organization

A hybrid organization is like a trusted third-party service between organizations that want to communicate safely. These organizations design policies for authentication and secure communication between two or more companies (Tipton & Nozaki, 2007). By interconnecting with other companies, hybrid organizations protect the applications, data and infrastructure of the company from threats.

3. How a Security Professional Determines Security Needs and Impact

A security professional must identify the security needs required for an organization:

Confidentiality

A security professional has the role of securing data so that unauthorized persons cannot access the private matters of the company. In this case, maintaining confidentiality is essential in securing data from cryptanalytic attacks.

Authentication

Authentication ensures the identity of the host or client with which the server is communicating, and thus keeps out intruders who may pose a threat to the company.

Integrity

Integrity is a service that ensures the correctness of data. It helps to understand errors that are prone to occur. Using message authentication codes helps to achieve integrity and authentication of data.

4. Essential Functions of Security

Security provides confidentiality, integrity, authentication and non-repudiation. Non-repudiation is a service under which a sender or receiver cannot deny that a communication has taken place. Without non-repudiation, cyber crimes will increase. Confidentiality is achieved through encryption and decryption as a means of protecting data, while authentication is achievable through digital signatures, passwords, and OTPs (Tipton & Nozaki, 2007). On the other hand, integrity is achieved through digital signatures, message authentication codes

5. Security Management Goals

All security goals focus on three goals: confidentiality, integrity and authentication. With the CIA triad, the security management goals mentioned above are built on procedures and policies that are often called governance. In protecting the confidentiality of data, the management systems ensure that data does not land in the wrong hands, where it may be a threat to the organization. In preserving the integrity of data, security management has the role of ensuring that all information communicated is correct and up to date (Tipton & Nozaki, 2007).

6. Roles of a Security Manager

A security manager must monitor issues like unauthorized access to the systems, and take measures to prevent malware by installing antivirus. He or she must also ensure that data is secured, updated from time to time, and stored in a recoverable state in case of loss (Tipton & Nozaki, 2007). Additionally, a security manager develops and implements all security-related policies, protocols and procedures. This is to ensure that the security officers recruited can effectively carry out operations in line with the organization's expectations and expenses.

References

Tipton, H. F., & Nozaki, M. K. (2007). Information Security Management Handbook. CRC Press.

Cite this page

Information Security Management Paper Example. (2022, Jul 07). Retrieved from https://proessays.net/essays/information-security-management-paper-example
