Security Management in the Computer

Security Management in the Computer Industry has become the job of the future. There are scores of schools offering different certificates and degrees to get a job in this occupation. Of course the most popular degree in this industry is the CISSP -- Certified Information System Security Professional which takes 5 years of experience, practice in two of ten domains they list and passing a 250 question test. The articles that I read for this paper talked about lots of things to do with security management.

The biggest problem that I saw according to the articles was more companies should give their employees a bonus every year that they haven't had security breaches instead of giving them bonuses for fixing security breaches. It does seem like they are going about things backwards. Security Management Background Section for Security Management People have always had problems with someone wanting to steal from them, and companies have always had to have some type of security in place.

It used to be that all you needed was to lock your doors, then you needed to lock your doors and windows and place valuable information in a lock box or a safe, to keep it safe from burglars. Nowadays, the problems are much more intense. Most forward thinking companies have their vital information cached in a computer since a computer can hold reams of information and you don't have to have huge supercomputers, but small laptops or desktops.

Most if not all computers in companies that have valuable information in them are connected to the internet and therein lies the problem. Unfortunately, the so-called "bad guys" are also connected to the internet and they can use the internet to steal your trade secrets, financial data and private data about yourself, your employees and the people you do business with.

One person stealing my password for example, could get into my bank and steal my money, or charge lots of items to my credit card and get away with literally thousands of dollars that I don't have. Ideally, I would be able to get it all taken care of but it would take weeks, possibly months or years to get it fixed and in that time, I could lose my house, my car and my good credit. That is just one person.

Now suppose I have a business that sells shoes, for example, and someone is able to hack into my computer and download all my customer files, which would include their credit card numbers, their home addresses, phone numbers, etc. This happened a few years ago when someone did this to DSW Shoes and if you look for it, you can probably find several business that are hacked into every week. It becomes even more scary when the company that is being hacked into has vital security information in it.

The term "Wiki leaks" comes to mind. Although Wiki Leaks doesn't have or hasn't published information that could comprise our national security, it has published things that could embarrass countries, including the United States. It also comprised banking information and almost caused a bank to shut down. One of the bigger problems with security management is that companies, including the federal government are spending way to much of their time at the back-end of the beast instead of coming at the head of the beast.

Or in other words, they are trying to fix the leak instead of strengthening the wall so that there is no leak. The best analogy I can think of is instead of building a storm shelter to save people from a possible tornado, or even investing in a system to alert people when a storm is coming, spending your money on rebuilding after the storm has hit. Probably not the best analogy, but I think you get the picture.

Security has moved into the space age, with fingerprint scans, eye scans and voice scans to name just a few as ways to make a safe room secure. Of course, with every new item to make things harder to get to, there are new ways to bypass the security protocols, that is just the nature of the beast.

The United States government has formed a partnership with other countries to try and make cybercrime something that criminals can be prosecuted for across the world, however, some countries have little to no cybercrime, so they see little need for an across the board group of rules and regulations to cut down on the crime. Most cybercrimes are committed against the United States and countries such as Great Britain and Australia and some other European countries.

Some smaller countries or countries that haven't quite caught up with the computer age don't have laws on the books to charge someone caught hacking into computers in their country.

The problem with the internet, is that someone can sit in a small country that just barely has computer capabilities and hack into a computer system in another country such as the United States and even if we were to track the hacker down and pinpoint exactly where they are, if that country doesn't have laws in line with us or extradition programs, then it is all but impossible to prosecute the criminal.

Analysis Section of Security Management I learned that security management is an on-going problem with companies and governments. There are constantly new viruses and worms and other things to steal data from computers or to shut down computers and data. One of the things I learned about this subject is the different degree programs that are springing up across the country to get people ready to work in this field.

One of the main degree programs is CISSP -- Certified Information System Security Professional which takes 5 years of experience, practice in two of ten domains they list and passing a 250 question test. Of course there are other degree programs at different universities and technical schools, but it does seem that this is the job of the future. The short article Industry needs less ethical computer hacking, more risk management strategies by Jay G.

Heiser retrieved from http://searchsecurity.techtarget.com/Industry-needs-less-ethical-computer-hacking-more-risk-management-strategies discusses the fact that too many companies are taking the wrong approach to internet security by hiring people to "put out fires" rather than make their program or company invulnerable to attack. Had a good suggestion, pay their security people a bonus for a year with no security problems or breaches rather than paying them extra for fixing the breach after the fact.

The short article Automated attack toolkits single biggest threat to Web apps, report finds by Hilary O'Rourke reports that a study done over a 6-month period from December.