Director of Information Security
There is now a growing need to create a more sophisticated system of security that can prevent many financial disasters for companies and customers. This has become necessary because of growing technology and the way malicious elements have become better at using technology to further their nefarious purposes. Financial institutions also stand a good chance of being the target of the future cyber terrorist. Because of all these changes, the role of the security director, known as the CISO (Chief Information Security Officer), has become very specialized. From the rudimentary service it began with, namely basic IT security administration, it has now come to encompass addressing every threat and managing risk, especially in financial organizations that have large customer bases, ATMs and online banking. It was formerly a necessary peripheral service that included just maintaining firewalls, upgrading antivirus, cleaning spyware off infected laptops and so on. These duties have not been taken away, but CSOs are being pushed to become decision makers in designing the program and defining acceptable risks, which makes the CISO a business enabler and a part of the decision-making management. (Brenner, The New CISO: How the role has changed in 5 years)
Security today means protection of assets and of the person or system, which ensures business continuity. In financial institutions such as banks, for example, continuity and the ability to manage disasters and effect quick recovery are now part of the domain of work along with information security, which is more than machine security; all of these fall within the ambit of the CISO. There has been a great change in the way institutions look at security, which now means ensuring information safety and recovery along with the conventional security measures. The modern officer needs to be aware of analytics, in particular predictive analytics, and of strategy implementation. Though the information security technology and services are upgraded on a smaller frequency in all financial institutions, management is still not happy about data protection. One problem is that companies, while building a hard exterior, have failed to ensure that the stored information is secure. Information is dynamic, and the rules of perimeter-based security are no longer applicable. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Complexity of the Issues:
Information security will rise in importance in the future. Data security is often confused with information security, although it is a critical part of security. Today the need to protect data has become vital because the data refers to client and customer information. Malicious persons can use data to swindle the client or organization, causing financial disasters. In view of this, the government has made the protection of data not only a need for the company but also mandatory, for example through the Data Protection Act 1998. The security officer is liable as of now, and in future the liability will increase in the aspect of guarding stored information about individuals, especially because the Act and its provisions make the company directors personally liable for the accuracy of their databases. Thus, individuals may sue for misuse of personal information or for failure to protect data, and such charges could result in trial and imprisonment. (Pain, 22)
Therefore, the roles of the security officers are going to be augmented in the future with more responsibilities and the power to intervene. This is critical because the responsibility is more to the whole society rather than the institution. As such, they become liable...
This burden thus places greater importance on the security officers. The present scenario has seen the development of many methods to keep data safe. Although the issue of database security is addressed on the premise, there is a further need to address recovery and backup for legal and other operative reasons. Disasters can happen anywhere. In fact, prior to September 11, disaster recovery plans did not include terrorist acts or war. (Stephens, 33)
It is against these that the CISO is expected to find solutions, and also against the three types of possible disaster. The first is physical destruction of infrastructure, which could be caused at any centre by a natural disaster like a cyclone, or by a man-made disaster like fire (electrical or otherwise), surges, lightning etc. The physical destruction could also be a result of terrorism or other types of acts. The second is damage to the storage medium because of system malfunctions, problems with the electronic media, corruption of data, viruses and other similar threats. The third could be hacking or another external threat caused by a malicious agent.
The role of the security personnel is greater today because a breach of confidential information results in a lot of backlash and serious issues: primarily, the customer loses confidence, and bad media publicity often follows. This results in both a bad reputation and prosecution. Thus, the legal and financial implications are too great to neglect the role of security systems and personnel. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Disasters that arise from malicious action can be avoided by using security and by updating the virus scan procedures. This type of activity is prevention. However, some disasters will occur and are out of anyone's control. In events like fire, for example, insurance of the data is necessary; it can save a lot of costs and provide for damages that may ensue. These measures are preventive but do not directly help in recreating the data. For that, there is only one way: continuously store data as a backup in a place that is not likely to be subject to a direct disaster.
The importance of the role of security officers has been enhanced in the past decades. The information security officer meets new challenges every day, and CISOs must be up to date in information management technology. Infrastructure and data must be protected simultaneously, and the tasks would take "consolidation, classification, backup, recovery and archiving" all into account. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Today security also means protecting the customer and the customer's identity. Officers will have to see that the internet banking guidance and the procedures related to consumer identity protection and other issues are complied with not only by the system, but also by other officers and entities of the institution. This makes their role more that of enforcers. The security officer will not only be concerned with the above issue but must also be an expert in many financial usages, including the way the financial institution ought to protect and keep private customer data, partner information and intellectual property, and how protection must be ensured for the entire information life cycle. (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Information can be carried or 'stolen' from the perimeter using mobile gadgets like PDAs, laptops and other mobile devices. These can be used to remove data from the system's interior, rendering perimeter defenses useless. So if a laptop fell into the wrong hands, how can the information be protected? (Hoffman; Tyminski, From Financial Services CISO to Chief Information Management Office: Tackling 360 Degrees of Enterprise Protection)
Unsolved challenges like this attract the best brains into becoming security officers. The role will be…