Information Security Management from Government Perspective
Introduction
This study aims to explore some important facts about information security management. This is the information age, and the flow of information is considered an important aspect of today’s fast and evolving technological environment (Anderson & Moore, 2006). The flow or exchange of information can be managed only if there are adequate measures to maintain information systems that keep important information secure (Jain, Ross, & Pankanti, 2006).
An information security system can be considered an information-containing system that has been secured against any possible malicious activity or any possible attempt at a security breach (Tipton & Krause, 2012). Information security techniques may include the use of biometric systems, encryption, and cryptography. The security of information is an important concern for security specialists and data security professionals, as the information consists of important governmental or corporate data that can be lost in case of a security breach (Turban et al., 2009).
Governments nowadays perform their governance-specific activities using information-based systems worldwide. They have to think about securing the information retained on the hard drives of computer systems, as it usually also contains some sensitive information (Silberschatz, Galvin, & Gagne, 2013). The loss of that sensitive information can slow down day-to-day governance operations.
The importance of information security management for governments can be seen in the huge amounts they allocate to research and development in the IT sector (Longley, 2005). Professionals who study information technology and information security concepts later move to governmental organizations and other public-sector organizations to fulfill the responsibilities assigned to them (Forbrig, Paternò, & Pejtersen, 2008).
Governments are concerned about the sensitivity and security of the servers that contain huge amounts of national information. Some professionals and government employees are assigned the task of managing the security of the information that is retained on the information security systems (Subashini & Kavitha, 2011).
Data security staff work under guidelines set out in the form of international-level Standard Operating Procedures and policy documents (Adger, 2006). These procedures are devised after careful examination of the successful security systems that are functioning across the globe, as per the capacity and diplomatic relationships of governments with other countries (Jo, Seungjoo, & Dongho, 2011).
Critical success factors & Challenges for Information Security Management
The human resources involved in the development of various I.T. projects need to be trained adequately. They need to be supervised or led by a team of highly motivated, dynamic, mission-oriented information security experts throughout the project (Ma, Schmidt, & Pearson, 2009). Developed countries have successfully managed these kinds of projects at the national level to provide the best services to their citizens. Many developing countries, such as India, Pakistan, China and other Asian countries, have been able to develop sophisticated information management systems that ensure the security and integrity of these I.T. projects (Abbas et al., 2011).
It is very important to ensure the effectiveness of Information Security Management Systems for all government systems at different levels. The top-level management of these systems needs to have visible support and continuous commitment. They need to frame policies that reflect a common strategy throughout the organization (Brynko, 2008). In addition, it needs to be managed on a central basis. The entire strategy of the organization should reflect a specific approach to risk management.
We need to have control objectives defined for this purpose. The security objectives need to be based upon the business objectives and other requirements. We need to control the waste of valuable resources and thereby undertake only necessary tasks (Cachin, Keidar, & Shraer, 2009). In addition, we need to comply with the philosophy of the organization and try to achieve the objectives of accountability and transparency. The employees of the organization need to be trained on the principles and values of ethics (Douglis, 2009). The entire organization needs to constantly update them so as to tackle different challenges over different periods of time.
We might face challenges of dynamically changing security requirements, externalities issues, and obsolete evaluation issues for the security concerns (Ziervogel, Bharwani, & Downing, 2006). But we need to continuously put in our efforts and try to mitigate the risks with different strategies. Keeping the system up to date, internalizing the externalities, and evaluating the security system at regular intervals will help us to overcome these challenges (Lack, 2006). Technology will be playing a vital role in the future, and hence, keeping the objectives in mind, we need to develop the frameworks and strategies and define objectives for installing a state-of-the-art information security management system at different levels of the government (Jordan, 2006). It will ensure security, integrity, accountability, and transparency of all the operations carried out at the government level.
References
Anderson, R., & Moore, T. (2006). The economics of information security. Science, 314(5799), 610-613.
Jain, A.K., Ross, A., & Pankanti, S. (2006). Biometrics: a tool for information security. IEEE Transactions on Information Forensics and Security, 1(2), 125-143.
Tipton, H.F., & Krause, M. (2012). Information security management handbook. Boca Raton, Florida: CRC Press.
Turban, E., Lee, J.K., King, D., Liang, T.P., & Turban, D. (2009). Electronic commerce 2010. Upper Saddle River, New Jersey: Prentice Hall Press.
Silberschatz, A., Galvin, P.B., & Gagne, G. (2013). Operating system concepts. New Jersey: John Wiley & Sons.
Longley, P. (2005). Geographic information systems and science. New Jersey: John Wiley & Sons.
Forbrig, P., Paternò, F., & Pejtersen, A.M. (2008). Excitation of plasmons and interband transitions by electrons. New York: Springer.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
Jo, H., Seungjoo, K., & Dongho, W. (2011). Advanced information security management evaluation system. KSII Transactions on Internet and Information Systems, 5(6), 1192-1213.
Ma, Q., Schmidt, M.B., & Pearson, M. (2009). An integrated framework for information security management. Review of Business, 30(1), 58-69.
Abbas, H., Magnusson, C., Yngstrom, L., & Hemani, A. (2011). Addressing dynamic issues in information security management. Information Management & Computer Security, 19(1), 5-24.
Brynko, B. (2008). Cloud computing: Knowing the ground rules. Information Today, 25(10), 23.
Cachin, C., Keidar, I., & Shraer, A. (2009). Trusting the cloud. SIGACT News, 40(2), 81-86.
Douglis, F. (2009). Staring at clouds. IEEE Internet Computing, 13(3), 4-6.
Ziervogel, G., Bharwani, S., & Downing, T.E. (2006). Adapting to Climate Variability: Pumpkins, People, and Policy. Natural Resources Forum, 30(4), 294-305.
Lack, R. (2006). The Importance of User-Centered Design: Exploring Findings and Methods. Journal of Archival Organization, 4(1), 69-86.
Jordan, M. (2006). Putting Content Online: A Practical Guide for Libraries. Oxford: Chandos.
Adger, W.N. (2006). Vulnerability. Global Environmental Change, 16(3), 268-281.