StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Building a World-Class Information Security Department - Research Paper Example

Cite this document
Summary
"Research Building a World-Class Information Security Department" paper argues that the new information security department will signal a major shift from the normal security arrangements of the organization. It will usher in a new template in data security through its direct and dynamic approach. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.7% of users find it useful
Research Building a World-Class Information Security Department
Read Text Preview

Extract of sample "Building a World-Class Information Security Department"

Research “Building a World Information Security Department.” al Affiliation) 7 Critical Elements necessary to build my Organization i) Policy and Compliance In recent years, many organizations have realized that it is illogical to adhere to individual regulations and build their security programs based on regulatory standards (Axelrod, Jennifer & Daniel Schutzer 26). This area will be primarily focused on considering all the regulatory, corporate, legal, and third-party security needs and then harmonizing and consolidating them into one security and policy framework. I will be much easier have a single framework and customize it to individual requirements and then seal any remaining loopholes as appropriate. I would employ SIM or GRC tools to harmonize, analyze, and report on compliance and policy. ii) System Policies and Architecture As soon as the corporate security and risk framework has been established, it will be mapped into lower-level procedures for the implementation teams. The policies and architecture team will be required to not only construct the architecture but also help in managing and monitoring compliance with architecture and system policies. iii) Program Management This area will be focused on the management of projects and resources for the information security group. It will be harnessed to ensure that necessary resources are assigned to projects and that timelines, service levels, and commitments from the security team are met. It will also be used to ensure that personnel are well-equipped and trained to execute their duties. iv) Business Liaison The security team and its programs must be aligned to business requirements and needs; this will help in ensuring that oversight and governance are complied with (Dhillon 24). Many organizations have special security liaisons in the business, but their responsibilities are usually not a formal component of their job descriptions, or if they are, other operational duties take precedence over this bit part role. I will have a designated business liaison for every significant business segment or at least make it a significant part of the job responsibility so that these people are able to spend enough time knowing and responding to business requirements and needs. v) Security Implementation This area will be focused on and emphasized in order to ensure that security technologies and tools are employed in the current environment in accordance with architectural needs. In addition to this, this area will ensure that IT operations management tools and custom applications being deployed, such as log management and network management, have appropriate and adequate security built into them. For instance, there may be applications where access control is very important to guarantee network management tools that monitor bandwidth and corporate IP protection that serve as the core means for good user policy enforcement. vi) Metrics, Reporting and Measurement The expectations for logical metrics and reporting keep increasing as information security continues maturing as a discipline (Tipton & Krause 41). It is insufficient to tell the CEO that 30,000 spam messages are blocked every week; the department will be expected to articulate how security contributes to the realization of the organization’s goals. For instance, a CISO (chief information security officer) created a secure online program for an organization, which in turn brought in an additional $350 million of revenue in 3 years for the organization. Rather than choke the organization in operational metrics, a security metrics program will be built that measures the operational factors and then translates them into logical metrics for the organization. vii) Infrastructure Security and Device Monitoring and Management This area will include and involve the following: managing the security components of infrastructure elements like networks, workstations, and servers; managing system weaknesses by creating and implementing the patch management process and carrying out network scans; ensuring that configurations of the security infrastructure (e.g. intrusion detection systems, intrusion prevention systems, and firewalls) adhere to security policies and are deployed in accordance with the architectural needs; and managing the security of remote workers and endpoints (Wylder 48). Hiring Strategy for Directors, Managers, Individual Contributors (e.g. Specialists – IDS engineer, system administrator, etc.) Directors, managers, and individual contributors (e.g. specialists – IDS engineer, system administrator, etc.) will be hired strictly on merit, individual ability, and experience. They will be subjected to stricter and more complex recruitment procedures. Aptitude tests and other measures of individual ability will be employed. Use of Contractors Contractors will be hired depending on the nature of a problem and the timeframe for its resolution. Internal expertise will be favored at all times and the right personnel will be drawn from within the organization. Contractors will be required in situations involving complex problems that require quick resolutions, more expertise, or more personnel (Whitman & Mattord 57). Off-shoring Talent The policy is to hire and make as much use of domestic expertise as possible, unless very talented individuals are identified, in which case the organization will move swiftly to recruit them. Reporting Structure within the Corporation Who Information Security reports to and why The CIO/CISO reports to the CEO. This is because the CEO and the board are becoming increasingly concerned about the effectiveness of the organization’s security controls, and this is because security is growing in importance and requires more funding so as to give the organization a comfortable environment in which to operate. Without adequate security arrangements the organization will simply not run (Straub, Seymour & Baskerville 38). Ensuring proper Span of Control Each and every member of staff must perform his/her duties to the latter. Delegation will only be tolerated if it is done in a responsible and considerate manner, therefore all members of staff should know their duties and exercise their powers as expected. Anyone who oversteps his/her authority will face the appropriate disciplinary measures, and delegation of extra duties must be accompanied by valid and logical reasons. Dealing with Vendor Management An automated vending system will be developed and employed in the management of all vending transactions. This will make it easier for not just the person directly responsible but also other members of staff to know what is going on in terms of vendor management. Dealing with Regulators, Internal Audit, and External Consultants All regulators, internal audit, and external consultants will be given adequate space and time they require to perform their work. The organization complies with the necessary regulations and is therefore comfortable with audits and compliance checks. External consultants will also be allowed to outline how they believe they will benefit the organization prior to being hired for their services. Timeframe and Criteria to ensure the success of the new Information Security Department The new information security department is expected to be fully operational within 6 months; this is sufficient time for preparation in terms of planning, recruitment, and budgeting. The criteria for ensuring success will involve the following: a) Sound, effective and appropriate operations policies have been formulated to guide the operation of the department; they must be complied with at all times. b) Proper budgeting and control over all financial aspects of the department. c) Good, relevant, and effective human resource management policies have been formulated; they must also be complied with. Proposed Solution The new information security department will be guided by sound and effective policies, and managed by adequate, highly qualified, dynamic, and knowledgeable staff. This will allow it to perform its duties as expected and help the organization move forward by providing it with a secure platform for growth and expansion. The department will be expected to handle all the current, potential, and future security concerns of the parent organization. Conclusion The new information security department will signal a major shift from the normal security arrangements of the organization. In addition to this, it will usher in a new template in data and information security through its direct and dynamic approach to the resolution of security concerns. It is therefore a necessity that will more than compensate for the time and funds required to create and maintain it. Works Cited Axelrod, C. Warren, Jennifer L. Bayuk, & Daniel Schutzer. Enterprise information security and privacy. Boston: Artech House, 2009. Print. Dhillon, Gurpreet. Information security management global challenges in the new millennium. Hershey, Pa.: Idea Group Pub., 2001. Print. Straub, Detmar W., Seymour E. Goodman, & Richard Baskerville. Information security policy, processes, and practices. Armonk, N.Y.: M.E. Sharpe, 2008. Print. Tipton, Harold F., & Micki Krause. Information security management handbook. 5th ed. London: Taylor & Francis e-Library, 2005. Print. Whitman, Michael E., and Herbert J. Mattord. Principles of information security. Boston, Mass.: Thomson Course Technology, 2003. Print. Wylder, John. Strategic information security. Boca Raton, Fl.: Auerbach Publications, 2004. Print. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Research Building a World-Class Information Security Department Paper”, n.d.)
Research Building a World-Class Information Security Department Paper. Retrieved from https://studentshare.org/information-technology/1621567-research-building-a-world-class-information-security-department
(Research Building a World-Class Information Security Department Paper)
Research Building a World-Class Information Security Department Paper. https://studentshare.org/information-technology/1621567-research-building-a-world-class-information-security-department.
“Research Building a World-Class Information Security Department Paper”, n.d. https://studentshare.org/information-technology/1621567-research-building-a-world-class-information-security-department.
  • Cited: 0 times

CHECK THESE SAMPLES OF Research Building a World-Class Information Security Department

An evaluation of the effectiveness of security program for sensitive government buildings

security Program for Sensitive Government Buildings Introduction The purpose of this paper is to research security program model for sensitive government buildings.... Therefore is important to critically discuss and evaluate the concepts, procedures and methods needed to plan and implement the security program for sensitive government buildings in order to maximize the security against this threat.... In order to properly discuss the operational aspects and factors that should be taken in consideration within the security program model was studied the Royal Institute of British Architects Guidance....
14 Pages (3500 words) Dissertation

Copmleat my resarch

The department at King Abdul Aziz University began offering rich educational resources in multiple media for both real-time and asynchronous communication between instructors and learners nearly five years ago.... The department's objectives and goal is to “effectively contribute and support scientific development witnessed by the kingdom in general and King Abdulaziz University in particular”.... This research could then help to better understand the current status of the usage project managers of successful and unsuccessful web projects and their intention for future usage....
4 Pages (1000 words) Essay

SIDRA Medical and Research Centre

Student name: Institution: Course: Tutor: Date: Cases/Precedent Analysis CASE 1: SIDRA Medical and Research Centre Facility information This facility is ranked as a world class ultra-modern and academic centre for medical purposes that operate as a fully fledged all-digital place.... The funding for the construction and development of the facility will be from the Qatar Foundation; hence, the Qatar government believed to be the client for the building.... The geographical location of the building is one opposite the Education City and adjacent to the Science and Technology Park as well as National Convention Centre, both in Qatar....
27 Pages (6750 words) Case Study

Leadership and Personal Development

This entailed selling' the company's information assurance and network security systems to UK companies.... Responsible for the implementation of the data assurance and network security system purchased from the company and the training of buyer's IT employees in the use of the system.... This entailed selling' the company's information assurance and network security systems to UK companies.... he second section of the paper, comprising the bulk of the research, critically analyses the information and data presented in the preceding....
14 Pages (3500 words) Personal Statement

Planning Windows for Climate Change

The aim of this research 'Planning Windows for Climate Change' is to discover exactly how to plan for future climate change during the design stage of construction.... This research will create that tool.... There is a huge array of window types available now, and each type has its benefits and problems....
5 Pages (1250 words) Article

HTreats to Homeland Security

As an a new applicant to pursue the Master Program at the Center of Homeland Defense and security (CHDS), the courses that the institution offers.... he second course, The Unconventional Threat to Homeland security, how terrorism operate and how there organized in terms of the extremists behind them and the groups.... Research writing and homeland security and Research Colloquium are the two courses offered dealing with it.... The course offers substantive skills on information gathering at all levels in countering and deterring from happening2....
4 Pages (1000 words) Essay

Physical Security Assessment on the VA Medical Center in Birmingham

Generally, from the paper "Physical security Assessment on the VA Medical Center in Birmingham" it is clear that it is vital to the security that there is an increase in the number of security personnel guarding the entry and/or exit points at the facility.... It was identified that a considerable number of staff were violating some security procedures either knowingly through negligence, or unknowingly due to lack of knowledge on the criticality of the facility....
7 Pages (1750 words) Case Study

The Physical Security Survey: Wells Fargo & Company

The paper "The Physical security Survey: Wells Fargo & Company" describes that Wells Fargo & Company has an effective building security program and control in place.... This security report survey has been on the foundation to identify any form of efficacy in the building's security system and the assessment to enable effective with the security standards to enable optimal security conditions and compliance within the building premises and the building's surrounding....
12 Pages (3000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us