Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Justifying Security in the Business World Today
Having a good security policy, from screening prospective employees to protecting vital corporate data, can be costly for a company. But good security acts like an insurance policy. Ideally, a company does not want to have to use the full capacities of its security system. But if a security system is not present, then complications, when they do arise, can be disastrous to the immediate health and welfare of employees and the long-term future of the company. Thus, security personnel who are selling security systems, devices, technology, or services to a company often find themselves in the unenviable position of a life insurance salesman or woman -- they have to convince a company that the initial cost is justified, because of the risks that lie ahead if the investment is not made in the here and now, and they have to bring up the difficult and thorny issues of possible losses if the systems are not implemented.
How Security Systems are Effective in Generating Profits
Security investments may seem like costs initially, rather than areas of profits because the benefits of security are not immediately tangible, or calculable. But individuals are more willing to invest in companies that have secure systems in terms of auditing and information protection. A consumer is more likely to make use of a credit card from a company with a documented security policy. An employee is more likely to stay at a company where he or she feels safe and secure, working late at night....
Investors are more likely to part with their immediate cash, if they feel standard procedures in accounting are openly obeyed, when the company is calculating how the corporate finances are allocated.
Preventing Losses
Another way to justify the costs of security to management is loss prevention or mitigation and what is also called 'risk management.' In planning for the unexpected, companies have to weigh the risk vs. The cost of a contingency plan. When marketing security, the speaker must communicate a clear business case for investments in security, present the strategy in cost-effective language and layperson's terms. (Flynn, 2005) Robert Austin (2005) suggests putting high-tech language in this simple financial scenario on a personal level: if you knew "affordable lock technologies that provide better protection were available" for your home, and neighbors were being burgled in your area, would you consider it a savings not to make such an investment? Of course not, although a surprisingly large number of companies don't think the security of their IT infrastructure is all that important, as evidenced by the "48% of companies stringently control the applications that are installed on corporate computers." (Austin, 2005)
Austin states that such this kind of sloppiness in security "should be no more acceptable to responsible companies than is sloppiness in tracking inventory or cash in a company's bank account. When we stop thinking about information security as an esoteric problem and…
Works Cited
"The ABCs of Business Continuity and Disaster Recovery Planning." CSO Online. Retrieved 26 Oct 2005 at http://www.csoonline.com/fundamentals/abc_continuity.html#1
Austin, Robert D. "Analyst Report: Information Security: Awareness is Spreading, but Not Fast Enough." CSO Online. Retrieved 26 Oct 2005 at http://www.csoonline.com/analyst/report3903.html
Flynn, Chris. (3 Jun 2005) "Value-Based Security." ASIS Website. Retrieved 26 Oct 2005 at http://www.asisonline.org/newsroom/pressReleases/index.xml
They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and
Security Plan Target Environment Amron International Inc. Amron International Inc. is a division of Amtec and manufactures ammunition for the U.S. military. Amron is located in Antigo, Wisconsin. Amron also manufacturer's mechanical subsystems including fuses for rockets and other military ammunitions as well as producing TNT, a highly explosive substance used in bombs. Floor Plan Target Environment The target environment in this security plan is the manufacturing operation located in Antigo, Wisconsin, a
security career is varied, offering people wishing to pursue this option with jobs like security guard, loss prevention specialist, crossing guard, deputy sheriff, even security management specialists. The cross fields and some need special training as well as a degree for a person to gain access too, not to mention, some jobs requires prior experience, at least one year. With that said, the most in demand and easy to
Q1. Discuss specific reasons why personnel appraisals serve the interests of the organization. Even in the most technologically-driven organizations, personnel appraisals are critical for ensuring high levels of quality control. Humans are still the primary operators of technology, and without good people at the helm, appropriate security protocols will not be enforced. People need to know on a regular basis how they are performing and usually desire feedback. Ideally, this feedback
How has the Securities and Exchange Commission (SEC) improved reporting measures for publicly held companies? What are the weaknesses in SEC procedures? The SEC has amended its reporting requirements in order to eliminate, modify, or integrate certain disclosure rules. These changes are aimed at improving disclosure effectiveness. Simplifying compliance without the need for significantly altering the total mix of information that is provided to the investors. Improving this reporting measures will
SECURITY Information Security and Risk Management in IT This essay is designed to present and discuss both an assessment of information security and risk management in IT systems and a comparative discussion of important academic theories related to security and risk. In the first section, An assessment, a conceptual framework will emerge including reference to important terminology and concepts as well as an outline of legislation and authorized usage examples. In the