The reality is however that legacy systems pose the greatest potential risk to any enterprise, as these platforms are anachronistic in terms of security support, lack many common safeguards, and don't have the necessary Application Programmer Interfaces (APIs) to scale globally as a secured platform (Gupta, Roth, 2007). Legacy systems were designed in an era where single authentication for an entire enterprise system was sufficient enough, and the concept of role-based access and computing was not considered a core requirement. Architects of these systems could not anticipate the breadth, depth and sophistication of attacks being carried out today against enterprise systems, websites, EDI links and every other potentially vulnerable entry point to a system. Enterprise software vendors including Oracle, SAP, Infor and others have opted to port or migrate their legacy ERP systems to Enterprise Application Infrastructure (EAI)-based platforms to increase their security while retaining compatibility with legacy databases and programs (Harney, 2006).
Legacy systems are the single greatest threat to any enterprise today (Talbot, 2006). This is because their initial architecture, design and implementation did not take into account the breadth, depth and sophistication of attacks today were not anticipated or forecasted decades previously. The retrofitting of legacy application is a formidable task with the costs for an ERP system being well over $16M or more for a typical distributed order management system for example (Talbot, 2006). Given the high costs of transforming legacy and home-grown ERP and enterprise systems into secured, scalable and role-based platforms, it is understandable why many companies today are looking at how their investments in compliance requirements can also attain a high level of risk mitigation and management. The following section illustrates how enterprises are pursuing compliance to government reporting requirements while working to quantify the financial value of their security management strategies.
Assessing the financial impact of enterprise security management strategies on an enterprise needs to capture the business improvements possible from role-based access to data and information while taking into account the measurable gains in performance due to reducing risk and increasing reporting accuracy. Measuring the financial impact of risk management needs to take a causal approach to best capture the return on investment (ROI) possible from greater security, risk mitigation and preventative security initiatives. These investments at the strategic level drive greater business improvements supported by highly scalable compliance platforms capable of supporting cost reductions while ensuring highly efficient use of assets. The relationships of these factors are shown in Figure 2 are used by enterprises to create unified, enterprise-wide strategies for security management that can have measurable, significant financial results over time. Figure 2, Causality of Security Management Strategies to Shareholder Value shows how compliance, security and compliance platforms, when coordinated, can deliver significant shareholder value over time.
Figure 2: Causality of Security Management Strategies to Shareholder Value
Source: (Nagaratnam, et.al, 2005)
The continual pursuit of security's contribution to shareholder value shown in Figure 2 is managed as an iterative workflow, with continual improvements made over time to system processes, procedures and integration points throughout enterprises. This iterative approach to continually strengthening and focusing enterprise security management investments to gain the greatest impact on financial performance has shown potential in reducing operating systems by reducing cost-based leakage, supply chain errors, and losses from pilferage and data loss including theft (Nagaratnam, Nadalin, Hondo, McIntosh, Austel, 2005). This model also illustrates how closely aligned enterprise risk management strategies are to the financial performance of enterprises that rely on them (Garbani, 2005). Each enterprise needs to take into account their specific strategic plans, IT integration points for core strategies, and the ability to quantify how risk management contributes to greater financial performance. While averting an attack that decimates information assets can't be calculated, when the performance of these systems are taken into account from a process improvement standpoint as part of a risk management strategy, their contributions can be clearly tracked (Nagaratnam, et.al, 2005). More efficient and highly targeted security management strategies can help an enterprise be more efficient in meeting the three triad requirements mentioned earlier in this analysis. Quantifying the value of risk management has the greatest impact in streamlining how IT resources are used in the attainment of long-term strategic plans and initiatives.
Analysis
Too often organizations rely on a tactical, short-term orientation for solving strategic, complex and intricate security problems. This leads to many enterprises continually churning through risk management programs and initiatives. Burning thousands of hours and millions of dollars in the process...
Security Management Strategies for Increasing Security Employee Retention Design Effective Job Characteristic Model Skill Variety Task Identity and Task Significance Autonomy and Feedback Meeting Expectations Market Competitive Package Strategies for Increasing Security Employee Retention Security employees constitute the most important component of organizational workforce. It is because; they ensure the core survival of organization and its assets. However, the ironic fact is the security employees are considered blue collar workers and their compensation packages are low (Hodson & Sullivan,
Security management is "described in some quarters as a function of risk management," (Bulletin 2, Part 2). Although there is some crossover with public sector security functions, such as policing, security management is generally considered a private sector domain. "Whilst private security has a predominantly commercial basis, it should not be forgotten that it does interact with the public to a considerable degree," (Bulletin 2, Part 2). Security management is
Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are
Security Management at Aviation and Healthcare Sectors Security Management Essay This paper discusses the concept of aviation security management and security management at healthcare settings. In addition to that, this paper also lists down and describes the important factors that can have an influential impact on the functions of aviation and a healthcare security manager. Security Management at Aviation and Healthcare Sectors Aviation Security The general aviation security confronts a number of security challenges. The
Port Facilities Manager Ports have historically played an instrumental role in driving the global economy by facilitating the movement of people and cargo from one part of the globe to another. Due to their phenomenal influence on the global economy, ports must be effectively managed. This is particularly true in terms of their facilities, equipment, and infrastructure. The port facilities manager is tasked with the responsibility of supporting the port
Another aspect of the security management area of a network management system is the development of policy-based auditing and alerts by role in the organization (Merilainen, Lemmetyinen, 2011). This is one of the areas of knowledge-enabled security management, specifically in the area of role-based access and advanced auditing and reporting. Fault management is also an area that no single suite of network management systems can completely meet per the ISO standards
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now