Information Security Management dissertation

Download this dissertation in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from dissertation:

Security Management

During the span of one's college career, a select number of courses become something more than a simple requirement to be satisfied to assure graduation; these are moments in a student's educational process which make the most lasting impacts. In my personal case, the lessons I have learned as part of my studies in ISSC680 will likely be remembered in those terms, as my eventual career will find me utilizing much of the foundational knowledge I gained in this course on a daily basis. As an aspiring information security officer, who hopes to apply the skills imparted throughout my time in ISSC680 during my professional career, I am sure that when I reflect on my college experience this class will stand out above the rest in terms of significance. The two textbooks which have provided detailed instruction on the field of information security, Information Security Fundamentals and Information Security: Design, Implementation, Measurement, and Compliance, have become essential resources both in and out of the classroom setting, as the wealth of experiential data contained within has enabled me to comprehend both the requirements of my future career, and the great responsibility my duties as an information security officer will entail. From the theoretical underpinnings of data protection and access control methods, to the moral and ethical ramifications of protecting a firm's invaluable data by any means necessary, the course material I have been exposed to during my time in ISSC680 ranks among the most influential of my college career. Through a thorough review of the course itself, including the crucial concepts that form the foundation of an information security officer's daily duties, I hope to examine the multitude of ways that this course has improved my base of knowledge, expanded my skill set, and enhanced my capabilities as a defender of digital data.

Throughout the entire course I have been continually exposed to new sources of knowledge regarding the field I aspire to work within, from the textbook material, instructors, and even fellow students. The process of reading individual chapters from the textbooks, which covered such diverse topics as risk assessment models, risk analysis and management, and access control methods, and writing detailed essays on the relevant material proved to be a highly informative process. By approaching the various methodologies and procedures used by information security analysts in the field, and contemplating how I may apply them within my own career, I found my confidence increasing as my base of knowledge continued to expand. As the authors of Information Security Fundamentals state in the introduction to their expansive volume, the book "was designed to give the information security professional a solid understanding of the fundamentals of security and the entire range of issues the practitioner must address" (Peltier, Peltier & Blackley, 2005). It was through this course that I was first exposed to the network of organizations working to serve information security professionals, including the Computer Security Institute (CSI), "the original and leading educational membership organization for information security professionals" whose mission is "to provide high quality products that focus on practical, cost-effective strategies, solutions and methodologies that will help you to protect your organization's greatest asset: Information" (Computer Security Institute, 2012). Having come to the conclusion of my experience in the ISSC680 course, I firmly believe that I am more fully prepared to accomplish my duties as a professional information security analyst, because today I am equipped with both the theoretical foundations of the industry's fundamental tenets, and the ability to discern when, where and how to most properly deploy those skills.

One of the core concepts within the field of information security and data protection is that of risk assessment, and considering Timothy P. Layton states in the preface to Information Security: Design, Implementation, Measurement, and Compliance that "the heart of every information security program is always risk assessment" (2007), it is useful to begin any discussion of ISSC680 with this critical component. While the idea of assessing the litany of risk factors, both from external threats and internal misconduct, may appear to an obvious step in securing an organization's data delivery networks, I soon discovered through our readings and lectures that a true information security professional must be capable of seeing beneath the proverbial surface of every security issue they confront. After becoming familiarized with the Information Security Risk Assessment Model (ISRAM), as well as other assessment types such as the Global Information Security Assessment Methodology (GISAM), I now feel extremely prepared to assist the organization that hires me by identifying threats through anticipatory means. Whether the risks are generated by the malicious intrusion of anonymous hackers, the prying eyes of competing organizations, or simply the negligence or incompetence of office workers during the often chaotic daily exchange of data, I know now that I must remain vigilant in my efforts to conduct effective and efficient risk assessment processes on a routine and regular basis.

As the sheer scope and reach of modern computing technology continues to expand at a seemingly exponential pace, part of my responsibility as an aspiring information security officer is to develop a level of proficiency with the tools of my trade. From the complexities of the massive server farms used by major corporations to store the endless stream of data produced by their global business operations, to the "initial sign-on screen that is the first indication there are controls in place" (Peltier, Peltier & Blackley, 2005), the lessons imparted throughout this eight-week course have equipped me to utilize the full spectrum of data protection tools currently available. One of the most interesting aspects of information security I encountered during my time in ISSC680 is the concept that, even within a world increasingly dominated by computing technology and digitized data, "to be an effective program, information security must move beyond the narrow scope of IT and address the issues of enterprisewide information protection because the bulk of all of the information available to employees and others is still found in the printed form" (Peltier, Peltier & Blackley, 2005). While my primary objective as a professional information security analyst will always concentrate on securing the storage of, and restricting access to, my firm's digital data, being reminded of the importance that paper-based files and memoranda still play was a refreshing recalibration of my priorities.

Another extremely important aspect of the modern information security field that I was exposed to during this course is the synergy which must exist between an organization's IT department and its overall management structure. As Layton states emphatically in his Information Security: Design, Implementation, Measurement, and Compliance, "the information security battle is won in the boardroom and not at the firewall & #8230; because executive and management support is one of the most important elements for successful information security programs next to users accepting and acting properly on the information security policies and guidelines" (2007). Discovering that my own abilities as an information security officer will always be somewhat limited by the executive strategies put in place by my superiors was an enlightening, and yet humbling, revelation that will surely inform my decision making in the future. When one considers the recent advisement issued by the Information Systems Security Association that "no matter how much technology is applied to an issue, it only takes one human mistake or action to defeat the technology and open an organization up to attacks" (Anderson, 2013), it becomes readily apparent that protecting an organization's invaluable collection of data requires a true commitment to cooperation and collaboration. In order to ensure that all aspects of an organizational structure, from the temporary employees tapping away in their cubicles to the senior managers tasked with guiding corporate strategies, are unified by a shared sense of responsibility within the realm of information security, a comprehensive Information Security Policy Document should be instituted immediately and updated regularly.

While the broader conceptual goals of information security practices are indeed quite informative, I constantly found myself reviewing the proverbial nuts and bolts of the industry, including the rigorous access control methods used to regulate and restrict the unending flow of data within an organizational structure. Simple log-on screens and personalized passwords, user access and privilege management, authentication requirements for external connections, and even the construction of complex cryptographic algorithms are among the most widely applied access control methods, and my time in ISSC680 has left me with a far greater understanding of these tools than I previously possessed. The observation made by the authors of Information Security Fundamentals that "over the years, the computer security group responsible for access control and disaster recovery planning has evolved into the enterprisewide information protection group" (Peltier, Peltier & Blackley, 2005) was especially intriguing to me, because this trend suggests that merely erecting secure access control methods does not fully fulfill the duties of a modern information security professional. While it is within my ability to develop and implement a full spectrum of access control methods which would reduce the risk of…[continue]

Some Sources Used in Document:

"feature0113.pdf" 
"SecurityOrg.pdf" 

Cite This Dissertation:

"Information Security Management" (2013, January 07) Retrieved December 10, 2016, from http://www.paperdue.com/essay/information-security-management-104826

"Information Security Management" 07 January 2013. Web.10 December. 2016. <http://www.paperdue.com/essay/information-security-management-104826>

"Information Security Management", 07 January 2013, Accessed.10 December. 2016, http://www.paperdue.com/essay/information-security-management-104826

Other Documents Pertaining To This Topic

  • Information Security Management

    Security Management Information Security Management Managing the information security at a major university is never an easy task, and especially with a team of only ten the complexities and the resource demands can sometimes make the situation seem all but impossible even on the best of days. When the former head of information security management suddenly departs as the result of an FBI arrest -- and when that arrest stems from the

  • Security Management the Role of a Security

    Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are

  • Security Information Security Is a Primary Concern

    Security Information security is a primary concern for consumers and businesses. In "IT security fails to keep pace with the rise of cloud computing," the author claims that in spite of the advancements in cloud technology, information security has not kept pace. This assessment is rooted firmly in fact and best practices in the information security industry. Although their analysis is thorough, the authors would do well to point out the

  • Information Security Training Program

    Federal Information Security Management Act (FISMA) The Federal Information Security Management Act places emphasis on the importance of training and awareness program and states under section 3544 (b).(4).(A), (B) that "security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency of- information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures

  • Information Security

    Security A broad definition of information security is given in ISO/IEC 17799 (2000) standard as: "The preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods), and availability (ensuring that authorized users have access to information and associated assets when required" (ISO/IEC 17799, 2000, p. viii). Prior to the computer and internet security emerged as we

  • Security Management Strategies for Increasing Security Employee

    Security Management Strategies for Increasing Security Employee Retention Design Effective Job Characteristic Model Skill Variety Task Identity and Task Significance Autonomy and Feedback Meeting Expectations Market Competitive Package Strategies for Increasing Security Employee Retention Security employees constitute the most important component of organizational workforce. It is because; they ensure the core survival of organization and its assets. However, the ironic fact is the security employees are considered blue collar workers and their compensation packages are low (Hodson & Sullivan,

  • Security Management Security Measures Risk Management

    Security management is "described in some quarters as a function of risk management," (Bulletin 2, Part 2). Although there is some crossover with public sector security functions, such as policing, security management is generally considered a private sector domain. "Whilst private security has a predominantly commercial basis, it should not be forgotten that it does interact with the public to a considerable degree," (Bulletin 2, Part 2). Security management is


Read Full Dissertation
Copyright 2016 . All Rights Reserved