Management of i.t. security
A Brief Look
It cannot be repudiated that currently information technology is a very significant advantage and resource for any contemporary business. Consequently defending its valuable resource through effective management of its IT security is central and quickly becoming a top precedence for many businesses and organizations. Regrettably there is no distinct formula that can promise complete, 100% of data security. To guarantee administrative effectiveness, companies that provide service like cloud storage, must make comprehensive arrangements to act against cyber dangers before they transpire, and to recuperate from mischievous cyber activities when such dangers do well.
A cloud security threat-management approach must be an active document that is frequently revised by stakeholders, and must comprise of policies and purposes that bring into line with the needs of the organization. "Given the threat of security breaches, to both cloud service providers and organizational cloud service users, cloud security and privacy are growing public policy concerns as well as salient area of inquiry for researchers" (Choo, 2014, p. 52). This means that along with strong and effective management of the processes involved with IT security, certain frameworks must be applied. A good example of one is COBIT.
COBIT is an IT governance structure and supportive toolset that sanctions managers to link the gap between regulatory requirements, technical problems, business hazards, and security concerns. COBIT has five IT Governance parts of application. "The Control Objectives for Information and related Technology (COBIT) is a certification created by ISACA and the IT Governance Institute (ITGI) in 1996. They believe that it is a set of practices (framework) for IT management" (Susanto, Nabil Almunawar & Chee Tuan, 2011, p. 23).
COBIT involves strategic alignment. Which means focus on ensuing the connection between IT plans and businesses. This means maintaining, validating, and defining the IT value proposal including aligning IT operations alongside business operations. The next aspect is value delivery. Value delivery concerns execution of value proposal through any specific delivery cycle. Performing these processes ensures that IT provides the promised benefits suggested by use of the strategy, with concentration and focus on optimization of expense along with proving the intrinsic worth of IT.
Along with value delivery, the next step is resource management. Put simply, resource management concerns the optimum investment as well as the appropriate management of critical IT properties that include: applications, people, information, and infrastructure. Risk management is a step that involves a concise comprehension of the enterprise's enthusiasm for risk and comprehension of compliance. The last step is monitors strategy and performance measurement tracks that involve implementation, project conclusion, resource practice, process presentation and service distribution. This could include balanced scorecards that transform approach into action in order for businesses to accomplish objectives measurable beyond predictable accounting requirements, and pellucidity into the organization.
Security Risk Evaluation
In order to supply the processed needed in a framework like that of COBIT, an effective security risk evaluation is often needed for businesses and organizations to understand what is needed in relation to expenses, processes, and weaknesses that could lead to security outbreaks. A security risk evaluation has several stages that involve becoming aware of a vulnerable points and shortcoming within the system.
The proposed framework is about risk management which is implemented through creating risk management system and is based on the reduction strategies, and via these properties, threats and weak points can be determined and suitable quality level will be recognized and then controls will be chosen to neutralize or reduce the unpleasant risk to an acceptable level (Malayeri, Modiri, Jabbehdari & Behbahani, 2012, p. 6).
The first part of this stage of awareness of the properties within the security zone. What this essentially means is security as it relates to the safeguarding of properties and resources against threats. So in order to assess security, one must know what properties and resources are at risk should a security outbreak transpire.
The second stage is determining whether or not the threats are associated to the resources and properties and determine if there are any vulnerable points to these properties. In order to do this, application of threats modeling method should assist...
Threat modeling essential is:
1. Identification of security objectives
2. Application overview
3. Decompress application
4. Identify threats
5. Identify Vulnerabilities
The next stage, stage three involves determination of actual probability. Essentially what are the real probabilities of each compound: threat and vulnerability, should be acknowledged. Compounds that cause unnoticeable likelihoods are ignored. Those that have higher frequency of probability should be examined and assessed. Grades range from 0-6 with 0 being unlikely to happen and 6 being once a day frequency. The fourth stage is unpleasant effect calculation. "The unpleasant effect may be measured by numbers in order to show the caused damages by them. This amount makes the risk importance possible, ignoring its probability. The unpleasant effect is not dependent on probability level" (Malayeri, Modiri, Jabbehdari & Behbahani, 2012, p. 7).
Gradually over time users are being viewed as the fragile link in the chain of information technology, especially when it comes the security of business data. Employees could willingly or unknowingly leak out private company information that could result in serious security breaches. "Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution" (Doherty, Anastasakis & Fulford, 2011, p. 201). This is a predominantly significant worry for knowledge-intensive organizations, like Google that hold cloud services that universities and other establishments use making security breaches ruin the availability, reliability and precision of computer-based information resources. A progressively important contrivance for decreasing the incidence of incongruous behaviors, and in so doing, defending business information, is through the construction and application of an official 'acceptable use policy (AUP). "Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies" (Doherty, Anastasakis & Fulford, 2011, p. 201). The comprehensive purpose of such a policy is to help businesses deal with intolerable behavior by proactively endorsing appropriate and operational security behaviors.
Perception of Security Threat
Often times some businesses do not perceive much threat when it comes to some of their services. For instance, the celebrity nude pictures scandal was a result of lax security on the part of passwords when it came to cloud accounts. Hackers were able to access the files located within the cloud servers by simply guessing over and over again the password. It is in instances like these that companies like Google, who have cloud servers, must become aware of the possible security threats that lurk in areas that are presumed to be low risk.
When businesses attempt to manage information security, traditionally they approach a control-based compliance model. This strategy "assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts" (Hedstrom, Kolkowska, Karlsson & Allen, 2011, p. 373). Human behavior does need to be controlled and regulated to some extent, but the problem of security breach is more complex than that. More than just behavior it's the processes involved within the systems, continual threat assessment, and proper monitoring of suspicious activity. All of these contribute to the betterment of IT security over all areas. Another important aspect to recognize is positive partiality.
In one study, results demonstrated positive partiality in risk awareness on information security territory. The degree of this positive partiality is better with a distant contrast target with scarcer information sharing undertakings. Consequently, this positive partiality is also established in relation to awareness of controllability over information security threats. "In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on ad hoc approach to security measure implementation" (Rhee, Ryu & Kim, 2012, p. 221). To circumvent such thought processes, additional training could remove some of the possible mistakes that come about from this form of thinking.
Information Technology security is a complex undertaking. It involves using multiple strategies and models that not only help defend suspicious user behavior, circumvent optimistic bias, and providing appropriate and easy to follow evaluation procedures. Becoming aware of potential dangers, high risk areas, and employing a sound user policy should any business avoid potential hiccups within the IT security field.
Choo, K. (2014). A Cloud Security Risk-Management Strategy. IEEE Cloud Computing, 1(2), 52-56. doi:10.1109/mcc.2014.27
Doherty, N., Anastasakis, L., & Fulford, H. (2011). Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy. International…
Securities Regulation SECURITIES REGULARIZATIONS IN NON-PROFIT ORGANIZATIONS The ensuring of the fact that an organization is working as per regulations and is following the code of conduct, while keeping the interest of the public first, are matters which are becoming more and more complicated with the passage of time. Therefore, it can be said with some emphasis, that today one of the most basic issues of many organizations is the issue of
Security Management Strategies for Increasing Security Employee Retention Design Effective Job Characteristic Model Skill Variety Task Identity and Task Significance Autonomy and Feedback Meeting Expectations Market Competitive Package Strategies for Increasing Security Employee Retention Security employees constitute the most important component of organizational workforce. It is because; they ensure the core survival of organization and its assets. However, the ironic fact is the security employees are considered blue collar workers and their compensation packages are low (Hodson & Sullivan,
Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework
Security Management at Aviation and Healthcare Sectors Security Management Essay This paper discusses the concept of aviation security management and security management at healthcare settings. In addition to that, this paper also lists down and describes the important factors that can have an influential impact on the functions of aviation and a healthcare security manager. Security Management at Aviation and Healthcare Sectors Aviation Security The general aviation security confronts a number of security challenges. The
Security in Cloud Computing Security issues associated with the cloud Cloud Security Controls Deterrent Controls Preventative Controls Corrective Controls Detective Controls Dimensions of cloud security Security and privacy Compliance Business continuity and data recovery Logs and audit trails Legal and contractual issues Public records The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination