System Security "As a Manager, How Would

¶ … System Security "As a manager, how would you plan on securing organizational data? How does security effectiveness and relative cost figure into those plans?" The more critical aspect of any enterprise-wide security management strategy is to align system resources to the strategic initiatives and goals of an organization. Increasingly this is being accomplished through the use of role-based access and authentication privileges and process workflows that audit and evaluate use of sensitive information (Shih, Wen, 2005).

The role of enterprise security management drastically changes however when ubiquitous Web Services are used for capturing, aggregating, analyzing and effectively using confidential data to make financial decisions (Phifer, 2011). The intent of this analysis is to evaluate how intrusion and intrusion detection systems can be used in the 21st century, state-of-the-art IT systems that are to a large extent Cloud-based and often have remote access points that make them particularly vulnerable (Phifer, 2011).

Also included is an assessment of the types and threats from hackers and the risk they pose to confidential corporate data. Enterprise best practices dictates that a company control assets by multiple levels, authentication approaches and through architectural constraints that minimize risk while also providing agility and quickness of retrieval (Microsoft, 2011).

Enterprise System Security in the 21st Century For any manager given the task of securing organizational data, the greatest challenge is spending just enough to protect confidential information assets while at the same time providing the flexibility of getting to information needed to make a decision. Intrusion and intrusion detection systems are today designed beyond the baseline of authentication technologies and the use of simple passwords.

It is possible to protect information assets using biometrics in addition to a constraint-based algorithm that prompts for specific responses only a person in a given role in a company would have access to (Shih, Wen, 2005). As part of enterprise security management best practices, averting intrusion is today more focused on streamlining access for authenticated and verified professionals needing the data (Microsoft, 2011).

Using Business Process Management techniques to optimize the navigation through security-based networks, companies attaining best practices in security management are able to avert the time overhead placed on users by making information and data flow more aligned to specific roles and responsibilities (Shih, Wen, 2005). In terms of arbitrating the costs of IT security for Web-based services and applications, the proliferation of Cloud-based enterprise applications and systems has completely re-order Web security (Phifer, 2011).

Many enterprises begin initially by concentrating on securing the entry points of their networks at the Virtual Private Network (VPN) point in addition to the dial-up and inbound traffic points on a network (Microsoft, 2011). Advanced Web Services whoever have the potential to redefine authentication and access by role and also by task, so that access to only specific regions of a given table in a database can be used for example (Shih, Wen, 2005).

As Cloud-based enterprise applications become more prevalent, this type of role-based and contextually-driven security search will be critical for firms who are in high-velocity business models and where transaction speeds are very rapid. Web Services-based systems that have the ability to deliver such contextual levels of access are not as susceptible to hacking and intrusion given their highly specific definition of identities (Microsoft, 2011).

From the CIO's standpoint these types of technologies are more expensive than the traditional approaches to intrusion detection and en masse security, yet they are worth it because it significantly can reduce loss of data from break-ins and hacking. Another aspect of a robust Web Services strategy that relies on contextual and role-based security is the ability to audit and track activity globally in real-time (Shih, Wen, 2005).

This approach to security results often in pattern matching and intrusion prediction based on failed login or authentication requests occurring throughout a company network (Phifer, 2011). The more expensive systems will route-track and use prediction algorithms to thwart break-ins. For the average CIO however this can become quite expensive. Enterprise software vendors realize that this approach to contextual.