How to decide on securing information and making decisions

Computer Security Analysis

Security Analysis

Managing security strategies for an enterprise requires intensive levels of planning and integration across each of the functional area, in conjunction with synchronization across departments, business units and divisions (Bellone, de Basquiat, Rodriguez, 2008). Enterprise Security Management strategies continue to become part of the overall strategic plans of an enterprise, supporting each strategic initiative and its related tactics to ensure profitable growth (Bellone, de Basquiat, Rodriguez, 2008). The aspects of intrusion detection, web security, deterring and defeating hackers, and the development and execution of an effective security strategic plan is the purpose of this analysis.

Defining A Framework for Enterprise Security Management

Developing an effective framework for managing security needs to begin with an analysis of an organizations' data availability, confidentiality and data integrity needs overall (Bellone, de Basquiat, Rodriguez, 2008). This is often defined as an Information Security Management Systems (ISMS) strategic plan or initiative as it seeks to synchronize security across all functional areas and systems. A successful ISMS implementation will be agile enough to respond to the needs of the organization for data access across all supported channels and systems while also having the highest levels of data security and validation to the role-based levels of employees as well (DiBattiste, 2009). When the strategic role of security is taken into account in conjunction with the overarching needs for role-based data access, the Confidentiality, Integrity and Availability (CIA) Model takes shape and delivers the framework needed to make security a core part of any strategic plan (Bellone, de Basquiat, Rodriguez, 2008). Figure 1, The Building Blocks of a Successful ISMIS Implementation., illustrates the concepts of this model. It also highlights how each must be balanced from a system standpoint in order to be effective.

Figure 1: The Building Blocks of a Successful ISMS Implementation

Source: (Bellone, de Basquiat, Rodriguez, 2008)

This model is often supplanted with more role-based analysis that denotes the processes and procedures of employees who need access to secured information to do their jobs. The following human-in-the-loop framework illustrates this concept (Cranor, 2008).

Figure 2: Human-in-the-Loop Security Framework

Source: (Cranor, 2008)

Using these frameworks as the basis of evaluating security strategies and defining anti-intrusion system fixes while re-architecting key integration points to make them secure is one of the most cost-effective strategies a company do (Miller, 2005). These frameworks also scale well for Web-based security and the potential of hackers to access confidential data through web servers, transaction systems or via the web content management systems (Miller, 2005). The primary benefit of using these frameworks however is in creating a unified, consistent strategy aimed at thwarting intrusion attempts throughout the entire complex of systems a company has (Mukhopadhyay, Chakraborty, Chakrabarti, 2011). Often security is dealt with on a highly fragmented, marginalized way, leaving the systems vulnerable at their integration points to attack (Mukhopadhyay, Chakraborty, Chakrabarti, 2011). Relying on a unified security model can do much to alleviate the risk inherent in the more complex system architectures as a result.