Theories Over the Last Several

¶ … Theories

Over the last several years, a wide variety of theories have emerged in the world of information technology about the best security protocols. This is because the underlying nature of the threat has: become more frequent and it is constantly evolving. A good example of this can be seen within the U.S. government itself. as, they reported that the total number of cyber attacks against their infrastructure increased by: 39% in 2010 to 107,439 cases that were reported. (Montablano, 2011) This is significant, because it is showing how the overall type of the threat is changing.

As a result, a number of different theories have been presented to address the shifts that are occurring from this hazard. To fully understand what is taking place requires comparing and contrasting the different theories with each other. Together, these elements will provide the greatest insights as to how the nature of risk management is changing.

The Framework Theory

The Framework theory is concerned about looking at a number of major elements that could have an impact upon an organization's security procedures. The most notable include: identifying, assessing, treating and monitoring the various risks. (Jones, 2007, pp. 30 -- 38) Identifying is when are looking at what specific threats are facing an organization. To determine this, the staff must consider a number of different factors to include: establishing compliance standards / regulations, environment mapping, risk identification and risk ownership. (Jones, 2007, pp. 30 -- 38)

Assessing is when everyone is looking at the specific threats and deciding what kind of a danger it is to an organization. This includes several different factors such as: risk reduction planning, risk modeling and testing. (Jones, 2007, pp. 30 -- 38) as a result, this is important because it is providing a way analyzing the overall nature of the risks.

Treating is when the organization is examining how to: mitigate the underlying nature of the threat and prevent it from spreading to other systems. This involves using several different elements in conjunction with one another to include: prioritizing the risk mitigation efforts and engaging in effective risk treatment. (Jones, 2007, pp. 30 -- 38) These different factors are significant, because they are illustrating how the nature of threat is approached and addressed.

Monitoring for various risks is when personnel are studying the effects of: possible threats that have been isolated and they identifying new ones. There are several different factors that are utilized during this part of the process to include: risk monitoring and reporting. (Jones, 2007, pp. 30 -- 38) This is important, because this step will ensure that an organization is: adapting to the challenges they are facing and remaining vigilant for new one that are emerging.

What this highlighting, is how this theory can be used to establish various guidelines for a security protocol inside an organization. However, they do not provide actionable steps that can be taken immediately to address specific threats. These elements are important, because they are: showing the overall strengths and weaknesses of using this procedure. Therefore, this theory provides basic criteria for: any kind of security protocol and should be utilized to create a general strategy. In this case, there was a tremendous amount of research that was available on this theory.

The Independent Theory

The independent theory is designed to: take the most effective security procedures and implement them into one basic strategy. There are a number of different elements that are utilized as part of this security protocol to include: the use of mapping and safeguards / layering. Mapping is when the it administrator will integrate the different computer systems together, to see how much data is: being retrieved, stored and processed. (McCumber, 2008) This is important, because this tool is providing an organization with a strategy to monitor for unusual activity.

The use of safeguards and layering is when an entity will establish multiple security blocks. The idea is to: interconnect the various firewalls and other security protocols together. This will improve the ability of the system to with stand a severe attack by: having multiple fail safes in place. (McCumber, 2008) Once this occurs, it means that it will be more challenging for hackers to be able to successfully penetrate a particular system.