StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Developing the Corporate Strategy for Information Security - Assignment Example

Cite this document
Summary
The paper "Developing the Corporate Strategy for Information Security" discusses that the operational duties of digital forensic professionals include securing the data from various system vulnerabilities so that it does not get manipulated and the integrity of the investigation remains intact…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.8% of users find it useful
Developing the Corporate Strategy for Information Security
Read Text Preview

Extract of sample "Developing the Corporate Strategy for Information Security"

? Developing the Corporate Strategy for Information Security The Chief Information Security Officer (CISO)’s functions within an organization a. Three (3) specific functions of a Chief Information Security Officer (CISO) Assessment of the Risk One of the several functions of a CISO is to assess the risks associated with the confidentiality obligations bestowed on the organization and its stakeholders based on mutual benefits. Accordingly, CISO needs to analyze the potential threats associated with various crucial information of the organization that might hamper the interests of the organization on the whole or that of its stakeholders (Whitman & Mattord, 2010; Homeland Security, 2007). Example: Implementation of this function in the organization can be done through the utilization of risk assessment tools in order to depict potential risks to information security. Management of the Risk Another vital function of CISO is managing the risks, which are interrelated with the functions of continuous assessment. Based on the results of the assessment, the officer is liable to develop strategies and plans in order to mitigate these threats (Whitman & Mattord, 2010; Homeland Security, 2007). Example: In an organization, this function can be accommodated by determining risk management strategies, having continuous monitoring of the organizational processes. Implementation of Designed Program Another vital function of CISO calls for proper implementation of the designed programs to ensure that the organizational strategies are applied in an ethical and hazard-free manner. This function of the officer is quite vital, as efficiency of the other functions tend to be highly depended on its proper execution (Whitman & Mattord, 2010; Homeland Security, 2007). Example: For the effective execution of this function, the CISO would need to utilize management techniques so that successful implementation of the organizational strategies can be assured. b. Three (3) competencies of CISO Access Control The CISO needs to be familiar with the standards that are obligatory in accessing control in the information. Furthermore, they should also have to comprehend the various factors that can assist them in designing an effective control plan. They must also have the competency to manage a control plan restricting inappropriate access to information that may hamper organizational interests either directly or indirectly (EC-Council, 2013; Homeland Security, 2007). Physical Security In accordance to this competency, CISO will need to be familiar with the standards, policies and laws associated with physical security. In this regard, it would also be vital for the CISO to determine the importance of such physical assets for any organization. Owing to this understanding, CISO will be able to gain the competency to manage and develop a coherent plan to ensure the overall information security within the organization (EC-Council, 2013; Homeland Security, 2007). Risk Management Mitigation as well as proper treatment of the threats being identified, is among the core competencies of CISO. In this regard, CISO should also need to be aware about the various resources that would be required towards determining proper risk management plan for the potential threats. It would be worth mentioning in this regard that successful mitigation of risk is directly dependent on this competency of CISO (EC-Council, 2013; Homeland Security, 2007). 2. The Chief Information Officer (CIO)’s functions within an organization a. Four (4) functions of CIO Manage A major function of a CIO is to determine the risks associated with information security of an organization. This can be done on the basis of facilitated understanding of policies and regulatory norms, related to managing the information. These functions will also include managing the strategic plans as well as programs associated with the information technology practiced within an organization (United States Dept. of Homeland Security, 2011; Homeland Security, 2007). Example: This function of a CIO can be executed within an organization with the understanding of its policies pertinent to information technology and execute them accordingly. Design In accordance with the aforementioned functions, the CIO is also held responsible to initiate security compliance program with regard to minimizing the depicted risks. This function of CIO will aim towards designing a receptive and reliable information security infrastructure within the organization (United States Dept. of Homeland Security, 2011; Homeland Security, 2007). Example: CIO can execute this process within an organization through the assessment of their data threat and develop plans of mitigation accordingly. Implement CIOs are also responsible to closely supervise the designed programs for security assurance. This function also binds the CIO to manage as well as provide a direction to the programs designed for information security (United States Dept. of Homeland Security, 2011; Homeland Security, 2007). Example: Within an organization, this function of CIO can be implemented with the help of management at the initial stage and later, with the participation of the staff members at every stage of the organization. Evaluate Another major function of the CIO is to assess the implemented programs and depict whether those comply with the standards, policies and regulatory norms of the organization. This particular function of CIO can also be considered as a review process, where the effectiveness of the implemented programs is ensured with utmost priority (United States Dept. of Homeland Security, 2011; Homeland Security, 2007). Example: Within an organization, this function can be executed through reviewing the performances of its implemented information security. b. Two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program Expectedly, Security Awareness, Training and Educational Programs are believed to be capable of assuring security up to a marginal extent. In this context, below are the listed two security assurances that a CIO can achieve by developing a formal security awareness, training, and educational program. i. Through training and education, CIO will be able to make employees and authorities more aware about the type of security threats identified to information, which will further make them more reluctant towards performing the tasks that can lead to such threats (United States Dept. of Homeland Security, 2011) ii. Through proper security awareness, training, and educational programs, CIO can ensure that all the employees possess the competencies to take requisite actions for restricting such occurrences, being adequately aware of their roles, responsibilities and obligations towards the information security issues (United States Dept. of Homeland Security, 2011). c. Suggestions Protecting Functions of Organization At the onset, the CIO should implement a security system that protects the day to day functioning of the organization. It is through improper and careless handling of day to day data that augment the threat to information security. So, it would be crucial for the CIO to have control on the day to day information dealing of enterprise (Whitman, 2012). Safe operation of Application It is apparent that most of the business transactions now-a-days are dependent on the use of Information Technology (IT). Moreover, improper functioning of these applications further augments the threat towards information data. Hence, the CIO should develop strategies of implementing trustworthy technologies so that the data threat could be minimized initially (Whitman, 2012). 3. Impact of digital forensics functions on security efforts of organization Digital forensics has become a vital part of security efforts in organizations. It involves the application of science with regard to recognizing, collecting as well as examining data to maintain integrity when taking security efforts. An organization also needs to maintain a strict supervision to secure confidential data in which, digital forensics play a vital role, along with other security measures. Computer crimes, involving data thefts, have become an evident scenario today. Contextually, digital forensics, along with other security programs comply with this particular scenario, where classified information of organization remains at high threat. It investigates the computer crimes and enables organizations to provide data to the court. Furthermore, it also helps organizations to recover information that are lost accidently. These facets affirms that digital forensic contribute towards balancing security efforts of any organization through collaborative operation with other security measures (Information Technology Laboratory, 2010). 4. Operational duties of digital forensics and its role in building integrity in investigation The operational duties of forensics are vital with regard to their integrity towards the investigation. In accordance, they must be able to coordinate with all the other members of the investigations including legal advisors and security managers. Furthermore, in investigations involving governmental as well as law enforcement groups, the digital forensic investigator will need to collect pertinent evidences of the cases irrespective of any external pressure. This will further as assist the CIO to maintain integrity throughout the investigation procedure. Operational duties of digital forensic professionals also include securing the data from various system vulnerabilities so that it does not get manipulated and the integrity of the investigation remains intact. Additionally, the professionals also have the obligation to ensure value of the investigation along with maximum accuracy. The professionals should take the responsibility wherever necessary and ensure reliability, validity as well as comprehensiveness of the investigation with utmost integrity. These approaches or duties performed with proper compliance, will certainly contribute towards maintaining the overall integrity of the investigation (United States Dept. of Homeland Security, 2011). 5. Three (3) technical resources of digital forensics professionals Multifunction Printer (MFP) It is among the most vital tools available for digital forensic personnel. It is mostly used in investigations where various evidences are available from more than one source. It is a network appliance that is organized on local information network practiced in the organization, which further ensures a secure, web-based analytical interface to all the computers of organization (Richard III & Roussev, 2006). Content-Based Image Retrieval (CBIR) Techniques Digital forensic personnel need to deal with crucial tasks of probing a large quantity of pictures with the intention to depict potential facts. In this regard, Content-Based Image Retrieval (CBIR) is a technical resource that can help them to perform this task. It is used to resolve queries related to contraband images as well as images of some known people. This system works by extracting as well as assimilating various features of images and investigating the same to conclude a result (Richard III & Roussev, 2006). Automated Video Summarization Through this technical resource, forensic department professionals attempt to extract certain crucial images from a live streaming video. Subsequently, these images extracted from the video can be processed and investigated through techniques of clustering of images, which further enables identification of the images witnessing security hazards (Richard III & Roussev, 2006). References EC-Council. (2013). Information security core competencies. Retrieved from http://www.eccouncil.org/ciso/dominion/core-competencies Homeland Security. (2007). IT security essential body of knowledge (EBK): a competency and functional framework for it security workforce development. Retrieved from http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2007-12/ISPAB_Dec7-BOldfield.pdf Information Technology Laboratory. (2010). Forensic techniques: helping organizations improve their responses to information security incidents. Retrieved from http://www.itl.nist.gov/lab/bulletns/bltnsep06.htm Richard III, G. G., & Roussev, V. (2006). Digital forensics tools: the next generation. Retrieved from http://cs.uno.edu/~vassil/pdf/nextgen-chapter Whitman, M. E., & Mattord, H. J. (2010). Management of information security. Boston: Cengage Learning. Whitman, M. E. (2012). Guide to network security, 1st ed. Boston: Cengage Learning. United States. Dept. of Homeland Security. (2011). Cybersecurity: the essential body of knowledge, 1st ed. Boston: Cengage Learning Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Developing the Corporate Strategy for Information Security Research Paper”, n.d.)
Developing the Corporate Strategy for Information Security Research Paper. Retrieved from https://studentshare.org/information-technology/1484830-developing-the-corporate-strategy-for-information
(Developing the Corporate Strategy for Information Security Research Paper)
Developing the Corporate Strategy for Information Security Research Paper. https://studentshare.org/information-technology/1484830-developing-the-corporate-strategy-for-information.
“Developing the Corporate Strategy for Information Security Research Paper”, n.d. https://studentshare.org/information-technology/1484830-developing-the-corporate-strategy-for-information.
  • Cited: 1 times

CHECK THESE SAMPLES OF Developing the Corporate Strategy for Information Security

Information Systems Strategy Development for Makkah Municipality

This paper will provide the analysis of different aspects of the new information systems and information technology infrastructure implementation at Makkah Municipality.... hellip; The present age is acknowledged as the age of information technology and contemporary tools and techniques of information technology are taking part almost in every walk of life.... In addition, the areas of business are also extremely influenced by information technology....
11 Pages (2750 words) Case Study

Management Information

This report outlines the new information system (IS) strategy for the Golden Fleece Hotel.... This report onward will present some of main aspects regarding development of the new information strategy (IS) strategy for the Golden Fleece Hotel.... In addition, this report will offer an analysis of the key aspects of information system strategy and how it will increase revenue for the organization.... However, by seeing the potential enhancements in the field of information technology the management of Golden Fleece has decided to implement and incorporate new technology to manage the business operations....
10 Pages (2500 words) Essay

The Development Information Security

Consequently, this ever-increasing security threat has led to the development of numerous information security standards.... This security framework provides steps to establish best suited information security Management System (ISMS) for SMEs.... This essay describes increasing trend of digitized information, globalization of markets and resources has accelerated the incident of data loss and security issues.... hellip; security risks for large, small or medium enterprises are alike....
25 Pages (6250 words) Essay

The Client Base of ISACA

t was with the strategic implementation of S22 that ISACA also emphasized developing its Control Objectives for information and Related Technology (COBIT) framework to suffice the needs of its member IT professionals.... he client base of ISACA is widely distributed among professionals in the information governance sector, in addition to professionals in the controlling, auditing, and security fields of various large corporate organizations.... It is due to this vividness that securing an effective security system in its IT services has remained crucial in order to attract valuable customers and retain profitability in the long run....
13 Pages (3250 words) Case Study

Security Options

nbsp;Yet another significant reason to establish policies is to organize the multifaceted tasks of information security.... In the paper “security Options” the author analyzes the Computer security concentration, which focuses on basic security matters that occur in the design, study, and execution of distributed systems.... hellip; The author states that setting up a corporate security policy is one of the vital steps in establishing a strong and secure organizational context....
8 Pages (2000 words) Assignment

The Creation of a Corporate Security Management Strategy: Organizational Survival

The aim of this paper is the emerging risks and security management strategies in the 21st century is to provide the framework that decision-makers, especially senior management officers in multi-national corporations, can follow in establishing a unified corporate security management capability.... hellip; The main objective of this paper is to explore the emerging risks and security management strategies in the 21st century which has resulted in the increased interconnectedness....
12 Pages (3000 words) Research Paper

Developing a System for CalaKare Pty Ltd to Manage the Documentation Problem

Moreover, the paper also elaborates on the development of opportunity at the niche market by the organization that has been operating from Perth… The research even details out the contributions of employees operating in the information security group to find an opportunity for the organization in the niche market.... In this context, an opportunistic employee operating in the information security group plans to design a system that would help in implementing a risk management tool to ensure continuous business development....
16 Pages (4000 words) Research Paper

The Role of CIO in Effective Information Technology Strategic Planning through Corporate Governance

The paper "The Role of CIO in Effective information Technology Strategic Planning through Corporate Governance" compares the earlier governance models with the 21st-century management models used by the CIOs.... The new technologies are compelling CIO's to strategize effectively on how to utilize knowledge, resources, and the ever changing trends that are in information technology.... The paper will also explore the two game-changing facets of corporate governance and strategic planning that did not exist earlier....
10 Pages (2500 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us