The Information Security Officer in a Well-Defined Process - Assignment Example

Information Security Successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense. Security has become an encircling issue for designers and developers of the digital world (Conklin et al. 2009). A system should also be able to counter incidents and raise proper procedures in case an information security incident occurs. Information security incident handling takes a stride forward in the information security management procedure. The aim is to provide a reference for the management, administration and other technical operational staff. If considering the enterprise government, focus on executing management actions is required to support the strategic goals of the organization (JOHNSTON et al. 2009). It has been calculated approximately half of the breaches to the security of the information systems are made by the internal staff or employee of the organization (Spears et al. 2010). Security incident management facilitates the development of security incident handling and planning including preparation for detection and reply to information security issues. The standard of the incident management primarily relates to ensure the existence of processes rather than the contents of these procedures. The security incident of different computing systems will have dissimilar effects and escort to different consequences, bureau, departments the organization need to tailor the security incident handling plan according to specific operational requirements. Organizations invest enormous money to buy and install computing equipments for securing their networks. Information systems security is a challenge for executives and the information technology professionals (Dhillon et al. 2006).Organizations focus on performance and efficiency of the security equipments. This is not enough, as human intervention and a proper plan need to be defined. The information technology professionals are not only responsible for securing the information systems, all the employees of the organization are responsible (Rotvold 2008). One needs to know what an incident is, before making a plan for dealing with the computer incidents. A simple definition is available in network dictionary which says “An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.” For organizations to be competitive with network incidents, they must lay a foundation within the organization for incident handling. The incident handling procedure refers to an action plan associated with security breaches, thefts, distributed denial of service, fire, floods etc. Incident handling consists of six-step process: research, classification, restraint, purge, revival, and lessons learned. The information security should be handled internally and externally by the employees of the organization. They will be supported by the security teams with high-powered information security officers. The employees who do not have insufficient skills in dealing with information security, they can perform well in reducing risk factors (Bulgurcu et al. 2010). In each major business unit, an employee with a skill set of solid risk management and project management can be a good choice to be an information security officer. Likewise, the primary objective is to enforce policies and train the end users for following the procedures made for each policy. Moreover, acceptable use for networks and data on information systems must be communication, as end users can download suspicious codes or emails from the Internet etc. furthermore, if the company decides to outsource its security operations to another company, this will save cost but at the same time increase risks to critical information if no care has been taken for choosing a reliable business partner. Non disclosure agreement must be signed by the service organization and skill evaluation of the staff should also be considered. Furthermore, service level agreements must also be decided to get the relevant services on time along with performance efficiency (Goodwin 2003). 1.1 Incident Management It is the information depletion that will be undesirable to the welfare of the organization. It is an adverse event in an information system or network that poses a threat to computing equipment or network security in reverence of availability, integrity and confidentiality. Incidents which are not within the capacity consisting of natural disaster, hardware or software collapse, data transmission failure, power interruption etc. are addressed by the disaster recovery plan of the organization Security incidents involves unauthorized access, unauthorized utilization of services, denial of resources, interruption of services, conciliation of protected data, network system permissions, leaks of confidential data in electronic form, malicious demolition or amendment of data, information, dissemination and intrusion, misuse of computing equipments, computer viruses and fraud, and malicious scripts affecting set of connections of the systems or network. 1.2 Incident handling Security incident handling is the continuous process which prevail the activities before, during and after a security incident occurs. Security incident handling commence with the arrangement and preparation for the resources, and developing appropriate measures to be pursued, such as the escalation and security incident response processes. Organizations must develop a security policy for handling incidents. The security policy exhibit management commitment for supporting information security (Saint-Germain 2005).When a security incident is perceived, security incident response is prepared by the responsible teams following the predefined measures and actions to be performed. The team represents the behavior or actions carried out to deal with the security incident and to reinstate the system to normal operation. Precise incident response teams are usually created to perform the tasks of creating security incident retort. When the incident is handled, actions will be taken to follow up and evaluate the incident. This action is performed for strengthening security protection to prevent recurrence. The revision of planning and preparation task is completed and revised accordingly to make sure that there are ample information security resources. They include manpower, equipment, technical expertise and properly defined procedures to deal with potential incidents. 2 IMPORTANCE OF SECURITY INCIDENT HANDLING Organization must develop a security incident handling plan. The plan is vital for the effective operations of the computer environment. Organizations need to ensure for the required resources are available for handling the incidents occur. All parties must know regarding their responsibilities and have a clear understanding related to the task they will perform if any incident issue occurs. They must follow a pre defined procedure. The teams should perform actively for handling the security incident for recovering the issue in minimum downtime. The response activities should be co ordinate with each other with clear understandings. Reduce the probable impact of the incident in terms of information breach and system interruption etc The experience of how the incident has been solved and what expertise was utilized needs to be shared between each member of the incident response team. ; The prevention of further attacks and damages Tacking the legal issues 2.1 Key Elements to be protected Computing equipments having external connection, e.g. Internet Databases having critical financial data and information Mission critical systems Other systems having a highly adverse impact if a security incident takes place. An incident management team is required for managing network incidents via a proper plan. Incident response teams consist of groups of professional responsible for eliminating information security incidents when they take place. The group of people consists of customer support specialists, system administrators, information security managers, Information security officers, and chief information officers. 3 Role of the Information Security Officer Security management is essential for every organization. “Information security, protecting the confidentiality, integrity, and availability of information is the top investment priority for many manufacturers”. It is the ultimate goal of the incident management security team to minimize the downtime of the incidents. The information security officer has key responsibilities. The security officer plays a vital role because the escalation initiates from this point. The information security officer is responsible for reporting an incident which has occurred in the organization. The organization needs to identify the skills of the employees suitable for handling the incidents occurring on the systems, network, database, and applications. Employees of the organization consisting of the account staff, receptionist, sales team, office boys etc. The information is everywhere in the organization, in the form of files and cabinets. The organization cannot reply on staff to rely on, until they are not security experts. In order to protect financial data, which is the lifeblood of any organization it is not enough. The current staff will not be able to handle security incidents due to insufficient skills. Security team with experts is required to take place (Hayes 2008, Hayes 2008). The information security officer must have the expertise to thoroughly analyze the incident report and activate the security team. The information security officers will also assist and identify any resource which will help in assisting the security team. After the incident identification and reporting, the information security offices will report the computer security incident to the information security manager and chief information officer. For legal issues, the local police will also be reported. Identification and reporting of legislative issues within the network is also the responsibility of the information security officer. The information security officer then creates a report by gathering the required issues occurred related to the incident. The report is submitted to the chief information officer including all the details regarding the incident. 4 Conclusion The organizations can train internal employees for performing certain tasks related to incident management security. It is also predicted that 50% of the security breaches are held by the internal staff of the organization. For administrative and complex tasks, security professional with the required skills is required for handling the issues. The organizations must define a policy and a plan in order to eliminate issues through a well defined process. The information security officer initiates and escalates the issues to the incident security manager in a well defined process. The information security officer must align and inform the related teams in order to minimize the time. The information security officer then escalates the incident to the information security manager and the chief information officer. A formal report with the complete details is send and a copy is maintained by the information security officer. For legal incidents, a local police is informed to carry out the operation. References , 2007a. Incident Handling. Network Dictionary, 03, pp. 342-342 ISSN 9781602670006. , 2007b. Incident Response Team. Network Dictionary, 03, pp. 242-242 ISSN 9781602670006. , 2006. Information Security Standards Focus on the Existence of Process, Not its Content. Communications of the ACM, 08, vol. 49, no. 8, pp. 97-100 ISSN 00010782. BULGURCU, B., CAVUSOGLU, H. and BENBASAT, I., 2010. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 09, vol. 34, no. 3, pp. 523-A7 ISSN 02767783. CONKLIN, W.A. and MCLEOD, A., 2009. Introducing the Information Technology Security Essential Body of Knowledge Framework. Journal of Information Privacy & Security, 04, vol. 5, no. 2, pp. 27-41 ISSN 15536548. DHILLON, G. and TORKZADEH, G., 2006. Value-Focused Assessment of Information System Security in Organizations. Information Systems Journal, 07, vol. 16, no. 3, pp. 293-314 ISSN 13501917. DOI 10.1111/j.1365-2575.2006.00219.x. GOODWIN, B., 2003. Businesses Need both Local and Central IT Security Officers. Computer Weekly, 06/03, pp. 16 ISSN 00104787. HAYES, F., 2008. Security Team. Computerworld, 04/14, ISBN 00104841. JOHNSTON, A.C. and HALE, R., 2009. Improved Security through Information Security Governance. Communications of the ACM, 01, vol. 52, no. 1, pp. 126-129 ISSN 00010782. ROTVOLD, G., 2008. How to Create a Security Culture in Your Organization. Information Management Journal, Nov, vol. 42, no. 6, pp. 32-38. SAINT-GERMAIN, R., 2005. Information Security Management Best Practice Based on ISO/IEC 17799. Information Management Journal, Jul, vol. 39, no. 4, pp. 60-66. SPEARS, J.L. and BARKI, H., 2010. User Participation in Information Systems Security Risk Management. MIS Quarterly, 09, vol. 34, no. 3, pp. 503-A5 ISSN 02767783. Read More