Information Security Management
Information Security Management
IT Security within the IT department is an important aspect and has several advantages and disadvantages when used in an organization.
The concept is simple to use and helps users protect their sensitive materials from unauthorized users through utilization of passwords. In the case of sensitive materials such as ATM cards and biometric scanners, firewalls are installed. The IT security tactics help to deal with new crimes that come with development in technology to reduce any form of risks subjected to an organization. Moreover, the concept helps eliminate any chance of attackers to gain access to private information of any organization whatsoever. For example, using the idea, the government can keep its top secret information and capabilities from intruders such as terrorists and other enemies of a state. The aspect also helps protect valuable information during use and while still in storage, an aspect that allows for efficient operation of an organization as information is core to the success of the organization (Randall et al., 2015).
Disadvantages
Some of the disadvantages experienced from the use of the concept include the fact that innovation is a continuous process; hence, users ought to consistently upgrade the information security. Moreover, due to the ongoing nature of consistent innovation, nothing is secure with embracement of IT, and the above case becomes worse if a user misses a single area as the whole system is compromised. At times, the concept is regarded to be too complex, making it hard for the users to comprehend how to deal with the idea. Finally, the idea can at times slow down the productivity of the business in cases where users are required to enter passwords before using their respective machines.
Recommendations
The following recommendations are essential to an executive manager wishing to develop an effective IT security program to help mitigate any form of risk whatsoever.
Regular assessment of risks
Have a practical plan in the security scheme for the organization
Have an active security management structure in place with security responsibilities
Evaluate the program effectiveness and make necessary changes if need be
Alternatives to securing funding for security projects
The directorate uses different approaches in determining the feasibility of a project, collectively referred to as the capital budgeting. The first alternative method to using for the above case is the payback period, which indicates the duration taken before an investment pays back the funds used for starting the project. However, the net present value (NPV) is recognized by various investors as the most practical approach for the purpose, as it involves a lot of aspects into consideration unlike the other methods (Vacca, 2013).
Security Technology and Security Management
Bruce argument that security is not a product but a process implies that organization should not depend on the various security techniques put in places, but should instead manage the numerous risks that they are exposed to. The scholar is bitter that people are putting too much faith in various techniques used to install security and forget to understand the numerous risks that face their businesses. However, understanding the risks is vital to solving the security challenge across the globe as it will enable users to use the security products more efficiently. Apparently, the thinking that security techniques alone can solve the issue is outdated, and it is time to understand that the matter is older than the innovation put in place (Vacca, 2013).
Focusing heavily on security technology and security management
Avoiding risks in an organization is a continuous process. Security process should consider the various measures put in place to avoid risks and should not too much focus on the security products without understanding the risks. An example in place is the use of double entry in accounting as a security process to manage risks of losing money hence should not be replaced with products. Security process helps in the efficient use of various security products to avert any form of risks whatsoever. Apparently, the concept indicates that security products have defects and through embracing the idea of the process, the various attackers who exploit the product use due to their flaws can be identified (Albrechtsen, 2015). The process helps organizations recover risks from intruders such as hackers. Therefore, it is imperative to appreciate that groups should not entirely depend on technology but instead, embrace numerous processes as they help leverage effectiveness. An example in place to justify the above statement is the consistent evaluation of the network products to check for any faults such as firewall reports, routers or even servers. The process enables an individual to detect any form of successful attacks on the organizational network because if an attack bypasses one product, it is possible that it will be detected by the other.
References
Albrechtsen, E. (2015). Major accident prevention and management of information systems security in technology-based work processes. Journal of Loss Prevention in the Process Industries, 36, 84–91.
Randall, J. Boyle & Raymond R. Panko.(2015). Corporate Computer Security (4th Edition). Upper Saddle River, New Jersey: Pearson Education, Inc.
Vacca, J. R. (2013). Computer and information security handbook (2nd ed.). United States: Morgan Kaufmann Publishers In.