
Successful Information Security Management and Computer Security - Assignment Example

Summary
The reporter underlines that successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense. Security has become an encircling issue for designers and developers of the digital world (Conklin et al. 2009)…

1 Introduction

Successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense. Security has become a pervasive issue for designers and developers of the digital world (Conklin et al. 2009). A system should also be able to counter incidents and invoke proper procedures when an information security incident occurs. Information security incident handling takes a stride forward in the information security management procedure. The aim is to provide a reference for management, administration and other technical operational staff. When considering enterprise governance, a focus on executing management actions is required to support the strategic goals of the organization (Johnston et al. 2009). It has been calculated that approximately half of the breaches of information system security are made by internal staff or employees of the organization (Spears et al. 2010). Security incident management facilitates the development of security incident handling and planning, including preparation for detection of and response to information security issues. The standard of incident management primarily relates to ensuring the existence of processes rather than the contents of these procedures (Anon. 2006). Security incidents on different computing systems will have different effects and lead to different consequences, so bureaus, departments and the organization need to tailor the security incident handling plan according to specific operational requirements. Organizations invest enormous sums to buy and install computing equipment to secure their networks. Information systems security is a challenge for executives and information technology professionals (Dhillon et al. 2006). Organizations focus on the performance and efficiency of the security equipment. This is not enough, as human intervention and a proper plan also need to be defined.
Information technology professionals are not the only ones responsible for securing the information systems; all the employees of the organization are responsible (Rotvold 2008). One needs to know what an incident is before making a plan for dealing with computer incidents. A simple definition is available in the Network Dictionary, which says “An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.” To cope with network incidents, organizations must lay a foundation within the organization for incident handling. The incident handling procedure refers to an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. Incident handling consists of a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned (Anon. 2007a). Information security should be handled internally and externally by the employees of the organization. They will be supported by security teams with high-powered information security officers. Even employees who do not have sufficient skills in dealing with information security can perform well in reducing risk factors (Bulgurcu et al. 2010). In each major business unit, IT auditors and people with strong project management or risk management backgrounds can often make good information security officers, but communication skills are important. One of their most important roles should be to ensure that employees are trained in company security policies. Staff need to know how to respond if someone rings them up and asks for their password, and they need to be aware of the dangers of downloading code from the Internet. Outsourcing parts of the security operation can save money and provide all-round security coverage for companies that do not have sufficient security staff, but it should not be undertaken lightly.
Strong service level agreements and good performance metrics are essential (Goodwin 2003).

2 Security Incident

A security incident is a loss of information that is harmful to the welfare of the organization. It is an adverse event in an information system or network that poses a threat to computing equipment or network security in respect of availability, integrity and confidentiality. Incidents that fall outside this scope, such as natural disasters, hardware or software failure, data transmission failure, power interruption, etc., are addressed by the disaster recovery plan of the organization. Security incidents involve unauthorized access, unauthorized utilization of services, denial of resources, interruption of services, compromise of protected data and network system permissions, leaks of confidential data in electronic form, malicious destruction or modification of data and information, dissemination and intrusion, misuse of computing equipment, computer viruses and fraud, and malicious scripts affecting the systems or network.

3 Incident handling

Security incident handling is a continuous process that covers the activities before, during and after a security incident occurs. Security incident handling commences with the arrangement and preparation of resources, and the development of appropriate measures to be pursued, such as the escalation and security incident response processes. Organizations must develop a security policy for handling incidents. The security policy demonstrates management commitment to supporting information security (Saint-Germain 2005). When a security incident is detected, the security incident response is prepared by the responsible teams, following the predefined measures and actions to be performed. The team carries out the actions needed to deal with the security incident and to restore the system to normal operation.
Dedicated incident response teams are usually created to perform the tasks of security incident response. When the incident has been handled, actions will be taken to follow up and evaluate the incident. This is done to strengthen security protection and prevent recurrence. The planning and preparation tasks are reviewed and revised accordingly to make sure that there are ample information security resources. They include manpower, equipment, technical expertise and properly defined procedures to deal with potential incidents.

4 Importance of Security Incident Handling

An organization must develop a security incident handling plan. The plan is vital for the effective operation of the computer environment. Organizations need to ensure that the required resources are available for handling the incidents that occur. All parties must know their responsibilities and have a clear understanding of the tasks they will perform if any incident occurs. They must follow a predefined procedure. The teams should act promptly in handling the security incident so that the issue is recovered with minimum downtime. The response activities should be coordinated with each other with clear understanding.

  • Reduce the probable impact of the incident in terms of information breach, system interruption, etc.
  • The experience of how the incident has been solved and what expertise was utilized needs to be shared between each member of the incident response team.
  • The prevention of further attacks and damages
  • Tackling the legal issues

5 Key Elements to be protected

  • Computing equipment having an external connection, e.g. to the Internet
  • Databases having critical financial data and information
  • Mission critical systems
  • Other systems having a highly adverse impact if a security incident takes place.

An incident management team is required for managing network incidents via a proper plan.
Incident response teams consist of groups of professionals responsible for eliminating information security incidents when they take place (Anon. 2007b). The group consists of customer support specialists, system administrators, information security managers, information security officers, and chief information officers.

6 Role of the Information Security Officer

Security management is essential for every organization. “Information security, protecting the confidentiality, integrity, and availability of information is the top investment priority for many manufacturers”. It is the ultimate goal of the incident management security team to minimize the downtime caused by incidents. The information security officer has key responsibilities. The security officer plays a vital role because escalation starts from this point. The information security officer is responsible for reporting an incident which has occurred in the organization. The organization needs to identify which employees have skills suitable for handling the incidents occurring on the systems, network, database, and applications. The employees of the organization consist of accounts staff, receptionists, the sales team, office boys, etc. Information is everywhere in the organization, in the form of files and cabinets. The organization cannot rely on staff unless they are security experts. That is not enough to protect financial data, which is the lifeblood of any organization. The current staff will not be able to handle security incidents due to insufficient skills. A security team with experts is required (Hayes 2008). The information security officer must have the expertise to thoroughly analyze the incident report and activate the security team. The information security officer will also identify any resource which will help in assisting the security team.
After the incident has been identified and reported, the information security officer will report the computer security incident to the information security manager and the chief information officer. For legal issues, the local police will also be notified. Identification and reporting of legislative issues within the network is also the responsibility of the information security officer. The information security officer then creates a report by gathering the relevant issues that occurred in relation to the incident. The report, including all the details regarding the incident, is submitted to the chief information officer.

6.1 Constraints

Constraints of technology, time and resources should be considered. These elements will have a high-level impact on the incident management process. For example, if no expertise is present for a specific incident, consultants will be notified regarding the issue. The guidelines need to be defined by the information security officer in advance for the smooth functioning of the process.

6.2 Reports

The information security officer creates steps and processes before escalating the reports. All the members of the team need to be informed in a timely manner. The report should contain comprehensive contact details so that the partners of the incident management team can communicate effectively with each other. The contact information may include the hotline for office hours, the hotline for “non-office” hours, email addresses, cell phone numbers, and backup telephone numbers. To maintain consistency, the post-incident report is also prepared by the security officer. This report also includes the information collected during the security incident reporting process. The reporting procedures are created in advance to eliminate miscommunication between incident management partners.
All the partners already have the report format, the information required, and the details of whom they will report to regarding incidents on the network.

6.3 Escalation

The information security officer defines a method that helps the incident management partners to take decisions promptly. The severity of the incident will be measured by the security officer. The severity depends on the impact of the system on the organization’s business processes. For example, suppose the system in the security department has crashed. The biometric system is now not working because the system connected to it is not working. The organization will not be able to record the timings and working hours of the employees. This type of incident should be marked ‘critical’.

6.4 Knowledge Base

The information security officer maintains a knowledge base of all the incidents occurring in the organization. The knowledge base can be shared among the incident management partners for better understanding and analysis of the incidents that take place frequently. The officer can reuse the knowledge base for reporting and escalation issues which occur on a frequent basis. The reports and escalation mechanism are used for escalating issues in an efficient way.

7 Conclusion

Organizations can train internal employees to perform certain tasks related to incident management security. It is also predicted that 50% of security breaches are caused by the internal staff of the organization. For administrative and complex tasks, a security professional with the required skills is needed to handle the issues. Organizations must define a policy and a plan in order to eliminate issues through a well-defined process. The information security officer initiates and escalates the issues to the incident security manager in a well-defined process. The information security officer must align and inform the related teams in order to minimize the time.
The information security officer then escalates the incident to the information security manager and the chief information officer. A formal report with the complete details is sent and a copy is maintained by the information security officer. For legal incidents, the local police are informed to carry out the operation.

References

ANON., 2007a. Incident Handling. Network Dictionary, 03, pp. 342-342 ISSN 9781602670006.
ANON., 2007b. Incident Response Team. Network Dictionary, 03, pp. 242-242 ISSN 9781602670006.
ANON., 2006. Information Security Standards Focus on the Existence of Process, Not its Content. Communications of the ACM, 08, vol. 49, no. 8, pp. 97-100 ISSN 00010782.
BULGURCU, B., CAVUSOGLU, H. and BENBASAT, I., 2010. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 09, vol. 34, no. 3, pp. 523-A7 ISSN 02767783.
CONKLIN, W.A. and MCLEOD, A., 2009. Introducing the Information Technology Security Essential Body of Knowledge Framework. Journal of Information Privacy & Security, 04, vol. 5, no. 2, pp. 27-41 ISSN 15536548.
DHILLON, G. and TORKZADEH, G., 2006. Value-Focused Assessment of Information System Security in Organizations. Information Systems Journal, 07, vol. 16, no. 3, pp. 293-314 ISSN 13501917. DOI 10.1111/j.1365-2575.2006.00219.x.
GOODWIN, B., 2003. Businesses Need both Local and Central IT Security Officers. Computer Weekly, 06/03, pp. 16 ISSN 00104787.
HAYES, F., 2008. Security Team. Computerworld, 04/14, ISBN 00104841.
JOHNSTON, A.C. and HALE, R., 2009. Improved Security through Information Security Governance. Communications of the ACM, 01, vol. 52, no. 1, pp. 126-129 ISSN 00010782.
ROTVOLD, G., 2008. How to Create a Security Culture in Your Organization. Information Management Journal, Nov, vol. 42, no. 6, pp. 32-38.
SAINT-GERMAIN, R., 2005. Information Security Management Best Practice Based on ISO/IEC 17799. Information Management Journal, Jul, vol. 39, no. 4, pp. 60-66.
SPEARS, J.L. and BARKI, H., 2010. User Participation in Information Systems Security Risk Management. MIS Quarterly, 09, vol. 34, no. 3, pp. 503-A5 ISSN 02767783.