StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Information Security Officer in a Well-Defined Process - Assignment Example

Cite this document
Summary
The paper "The Information Security Officer in a Well-Defined Process" gives detailed information about a reference for the management, administration, and other technical operational staff. If considering the enterprise government, focus on executing management actions…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.9% of users find it useful
The Information Security Officer in a Well-Defined Process
Read Text Preview

Extract of sample "The Information Security Officer in a Well-Defined Process"

Information Security Successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense. Security has become an encircling issue for designers and developers of the digital world (Conklin et al. 2009). A system should also be able to counter incidents and raise proper procedures in case an information security incident occurs. Information security incident handling takes a stride forward in the information security management procedure. The aim is to provide a reference for the management, administration and other technical operational staff. If considering the enterprise government, focus on executing management actions is required to support the strategic goals of the organization (JOHNSTON et al. 2009). It has been calculated approximately half of the breaches to the security of the information systems are made by the internal staff or employee of the organization (Spears et al. 2010). Security incident management facilitates the development of security incident handling and planning including preparation for detection and reply to information security issues. The standard of the incident management primarily relates to ensure the existence of processes rather than the contents of these procedures. The security incident of different computing systems will have dissimilar effects and escort to different consequences, bureau, departments the organization need to tailor the security incident handling plan according to specific operational requirements. Organizations invest enormous money to buy and install computing equipments for securing their networks. Information systems security is a challenge for executives and the information technology professionals (Dhillon et al. 2006).Organizations focus on performance and efficiency of the security equipments. This is not enough, as human intervention and a proper plan need to be defined. The information technology professionals are not only responsible for securing the information systems, all the employees of the organization are responsible (Rotvold 2008). One needs to know what an incident is, before making a plan for dealing with the computer incidents. A simple definition is available in network dictionary which says “An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.” For organizations to be competitive with network incidents, they must lay a foundation within the organization for incident handling. The incident handling procedure refers to an action plan associated with security breaches, thefts, distributed denial of service, fire, floods etc. Incident handling consists of six-step process: research, classification, restraint, purge, revival, and lessons learned. The information security should be handled internally and externally by the employees of the organization. They will be supported by the security teams with high-powered information security officers. The employees who do not have insufficient skills in dealing with information security, they can perform well in reducing risk factors (Bulgurcu et al. 2010). In each major business unit, an employee with a skill set of solid risk management and project management can be a good choice to be an information security officer. Likewise, the primary objective is to enforce policies and train the end users for following the procedures made for each policy. Moreover, acceptable use for networks and data on information systems must be communication, as end users can download suspicious codes or emails from the Internet etc. furthermore, if the company decides to outsource its security operations to another company, this will save cost but at the same time increase risks to critical information if no care has been taken for choosing a reliable business partner. Non disclosure agreement must be signed by the service organization and skill evaluation of the staff should also be considered. Furthermore, service level agreements must also be decided to get the relevant services on time along with performance efficiency (Goodwin 2003). 1.1 Incident Management It is the information depletion that will be undesirable to the welfare of the organization. It is an adverse event in an information system or network that poses a threat to computing equipment or network security in reverence of availability, integrity and confidentiality. Incidents which are not within the capacity consisting of natural disaster, hardware or software collapse, data transmission failure, power interruption etc. are addressed by the disaster recovery plan of the organization Security incidents involves unauthorized access, unauthorized utilization of services, denial of resources, interruption of services, conciliation of protected data, network system permissions, leaks of confidential data in electronic form, malicious demolition or amendment of data, information, dissemination and intrusion, misuse of computing equipments, computer viruses and fraud, and malicious scripts affecting set of connections of the systems or network. 1.2 Incident handling Security incident handling is the continuous process which prevail the activities before, during and after a security incident occurs. Security incident handling commence with the arrangement and preparation for the resources, and developing appropriate measures to be pursued, such as the escalation and security incident response processes. Organizations must develop a security policy for handling incidents. The security policy exhibit management commitment for supporting information security (Saint-Germain 2005).When a security incident is perceived, security incident response is prepared by the responsible teams following the predefined measures and actions to be performed. The team represents the behavior or actions carried out to deal with the security incident and to reinstate the system to normal operation. Precise incident response teams are usually created to perform the tasks of creating security incident retort. When the incident is handled, actions will be taken to follow up and evaluate the incident. This action is performed for strengthening security protection to prevent recurrence. The revision of planning and preparation task is completed and revised accordingly to make sure that there are ample information security resources. They include manpower, equipment, technical expertise and properly defined procedures to deal with potential incidents. 2 IMPORTANCE OF SECURITY INCIDENT HANDLING Organization must develop a security incident handling plan. The plan is vital for the effective operations of the computer environment. Organizations need to ensure for the required resources are available for handling the incidents occur. All parties must know regarding their responsibilities and have a clear understanding related to the task they will perform if any incident issue occurs. They must follow a pre defined procedure. The teams should perform actively for handling the security incident for recovering the issue in minimum downtime. The response activities should be co ordinate with each other with clear understandings. Reduce the probable impact of the incident in terms of information breach and system interruption etc The experience of how the incident has been solved and what expertise was utilized needs to be shared between each member of the incident response team. ; The prevention of further attacks and damages Tacking the legal issues 2.1 Key Elements to be protected Computing equipments having external connection, e.g. Internet Databases having critical financial data and information Mission critical systems Other systems having a highly adverse impact if a security incident takes place. An incident management team is required for managing network incidents via a proper plan. Incident response teams consist of groups of professional responsible for eliminating information security incidents when they take place. The group of people consists of customer support specialists, system administrators, information security managers, Information security officers, and chief information officers. 3 Role of the Information Security Officer Security management is essential for every organization. “Information security, protecting the confidentiality, integrity, and availability of information is the top investment priority for many manufacturers”. It is the ultimate goal of the incident management security team to minimize the downtime of the incidents. The information security officer has key responsibilities. The security officer plays a vital role because the escalation initiates from this point. The information security officer is responsible for reporting an incident which has occurred in the organization. The organization needs to identify the skills of the employees suitable for handling the incidents occurring on the systems, network, database, and applications. Employees of the organization consisting of the account staff, receptionist, sales team, office boys etc. The information is everywhere in the organization, in the form of files and cabinets. The organization cannot reply on staff to rely on, until they are not security experts. In order to protect financial data, which is the lifeblood of any organization it is not enough. The current staff will not be able to handle security incidents due to insufficient skills. Security team with experts is required to take place (Hayes 2008, Hayes 2008). The information security officer must have the expertise to thoroughly analyze the incident report and activate the security team. The information security officers will also assist and identify any resource which will help in assisting the security team. After the incident identification and reporting, the information security offices will report the computer security incident to the information security manager and chief information officer. For legal issues, the local police will also be reported. Identification and reporting of legislative issues within the network is also the responsibility of the information security officer. The information security officer then creates a report by gathering the required issues occurred related to the incident. The report is submitted to the chief information officer including all the details regarding the incident. 4 Conclusion The organizations can train internal employees for performing certain tasks related to incident management security. It is also predicted that 50% of the security breaches are held by the internal staff of the organization. For administrative and complex tasks, security professional with the required skills is required for handling the issues. The organizations must define a policy and a plan in order to eliminate issues through a well defined process. The information security officer initiates and escalates the issues to the incident security manager in a well defined process. The information security officer must align and inform the related teams in order to minimize the time. The information security officer then escalates the incident to the information security manager and the chief information officer. A formal report with the complete details is send and a copy is maintained by the information security officer. For legal incidents, a local police is informed to carry out the operation. References , 2007a. Incident Handling. Network Dictionary, 03, pp. 342-342 ISSN 9781602670006. , 2007b. Incident Response Team. Network Dictionary, 03, pp. 242-242 ISSN 9781602670006. , 2006. Information Security Standards Focus on the Existence of Process, Not its Content. Communications of the ACM, 08, vol. 49, no. 8, pp. 97-100 ISSN 00010782. BULGURCU, B., CAVUSOGLU, H. and BENBASAT, I., 2010. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 09, vol. 34, no. 3, pp. 523-A7 ISSN 02767783. CONKLIN, W.A. and MCLEOD, A., 2009. Introducing the Information Technology Security Essential Body of Knowledge Framework. Journal of Information Privacy & Security, 04, vol. 5, no. 2, pp. 27-41 ISSN 15536548. DHILLON, G. and TORKZADEH, G., 2006. Value-Focused Assessment of Information System Security in Organizations. Information Systems Journal, 07, vol. 16, no. 3, pp. 293-314 ISSN 13501917. DOI 10.1111/j.1365-2575.2006.00219.x. GOODWIN, B., 2003. Businesses Need both Local and Central IT Security Officers. Computer Weekly, 06/03, pp. 16 ISSN 00104787. HAYES, F., 2008. Security Team. Computerworld, 04/14, ISBN 00104841. JOHNSTON, A.C. and HALE, R., 2009. Improved Security through Information Security Governance. Communications of the ACM, 01, vol. 52, no. 1, pp. 126-129 ISSN 00010782. ROTVOLD, G., 2008. How to Create a Security Culture in Your Organization. Information Management Journal, Nov, vol. 42, no. 6, pp. 32-38. SAINT-GERMAIN, R., 2005. Information Security Management Best Practice Based on ISO/IEC 17799. Information Management Journal, Jul, vol. 39, no. 4, pp. 60-66. SPEARS, J.L. and BARKI, H., 2010. User Participation in Information Systems Security Risk Management. MIS Quarterly, 09, vol. 34, no. 3, pp. 503-A5 ISSN 02767783. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Managing Information 2 Assignment Example | Topics and Well Written Essays - 1500 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1498508-managing-information
(Managing Information 2 Assignment Example | Topics and Well Written Essays - 1500 Words)
https://studentshare.org/information-technology/1498508-managing-information.
“Managing Information 2 Assignment Example | Topics and Well Written Essays - 1500 Words”, n.d. https://studentshare.org/information-technology/1498508-managing-information.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Information Security Officer in a Well-Defined Process

Harmony and Security in the Society

If there was reasonable ground and evidence to believe that she had actually committed the crime, the superintendent officer in the police station would have exercised his authority to extend the detention period to 36 hours as the law provides (Strange, 2001).... The process may not have resulted to the said person being arrested but the fact that she refused to cooperate with the officers, after she allegedly refused to stop at the request of the officers and the pulling of her arm from the restraining arm of the officer, may have raised suspicion hence arising the need to conduct more investigation on her innocence....
4 Pages (1000 words) Essay

The Federal Chief Information Officer Roadmap

Federal CIO has the responsibility of assessing the information Resource Management skills required for agency IT personnel.... The federal CIO further has the duty of placing specific plans for hiring IT staff, training the IT workforce and ensuring the personnel of the information Technology Department has the requisite professional training.... This is linked to the agency's development and budget submission process.... From the paper "The Federal Chief Information officer Roadmap " it is clear that despite the general duties of all CIOs, federal CIOs have distinct CIO mandates that are determined by the scope and nature of roles in a federal agency....
11 Pages (2750 words) Case Study

Ethics in Information Systems

Likewise, the information retrieved from databases connected to CRM provides personalized processes for an organization to target customers.... However, data privacy and data security are not enough.... A mechanism is required to examine the possibilities of security breaches in a network.... However, in order to prevent customer data, a number of strategies can be defined are demonstrated below: Persistently maintaining data protection controls and procedures aiding in optimum data integrity An incident response plan that can be triggered, whenever a security breach is found within the network or servers maintaining customer data....
5 Pages (1250 words) Term Paper

Security Planning

To what degree is workplace violence a problem in the United States What factors contribute to it What, if anything, can be done to reduce the incidence of violent crime in the workplace Do private security organizations play a role in the solution … Answer 1) Workplace violence is violence or the threat of violence against workers.... Such an assessment will help the organization to fully understand the particular safety and security needs of the workplace - information that will help shape its prevention efforts....
14 Pages (3500 words) Assignment

Social Marketing, Sustainability and Racism in Australia

Therefore, it is imperative that organization takes account of their network for security threats and for this hire a security expert who guides the management on how to secure organization's network and… In addition, it is yet vital and significant to maintain exceptional security in a networked structure.... The security management can involve the handling and implementation of the security measures for the securing of network and corporate business information....
15 Pages (3750 words) Essay

Industrial Security Plan

On the formulation of a policy, a security officer would ensure that all employees are alerted and in addition monitor on the compliance.... The officer may also find it necessary to ask each employee sign a statement accepting receipt of the information.... The safety officer A safety officer supervises workplace activities to make sure that workers comply with organizations government safety regulations and policies.... In these inspections, a safety officer checks for broken and damaged equipment, slip and fall hazards and other likely hazards (Subramanian, 2006)....
7 Pages (1750 words) Assignment

The Role of the Information Security Officer

In the paper “The Role of the information security officer” the author looks at the field of information security, which deals with the security of information against threats like illegal access, leakage of confidential information, interference between flows of information between organizations.... Impact of information security ThreatsAccording to (Williams, 2007; Pesante, 2008; Turban et al.... 2005), there are some information security risks those can be faced by the users such as • They must be able to trust on the information which they are using....
12 Pages (3000 words) Dissertation

Information System Security Plans

The security plan, through the associated CIO, should review all requests for policy exception and respond to the requesting officer in a timely manner.... hellip; The desire to have the applications in place has been pushed by the recent attacks that initiated the need to ensure the highest level of information security practices.... The basic document in the security process has been the IT since it defines features and controls of the system security....
5 Pages (1250 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us