Long-term certification

On a more long-term basis it would be a good idea for the staff of the it department to seek Global information assurance certifications. "The SANS Institute offers this suite of certifications under the GIAC (Global Information Assurance Certification) program. While GIAC certifications are intended primarily for practitioners such as system administrators, and network engineers, there are a few that would be appropriate for early-career managers.

The GIAC Information Security Officer (GISO) is an entry-level certification that includes knowledge of threats, risks and best practices. The GIAC Security Essentials Certification (GSEC) is an intermediate-level certification that demonstrates basic information security knowledge for both practitioners and managers" (Gregory, 2003).

Conclusion

In order to continue to be successful the History Channel must develop a plan to protect its information systems from any and all threats that might be looming. The best way to do this is to make sure that the entire staff is aware of what threats are out there and how to deal with any issues should they arise, which is exactly what the goal of this plan is.

References

Gregory, P.H. (2003). Are security certifications worth it? Retrieved from http://www.computerworld.com/s/article/77849/Are_security_certifications_worth_it

_?taxonomyId=17&pageNumber=2

Gupta, U. (2011). Top 5 Certifications for 2012. Retrieved from http://www.bankinfosecurity.com/top-5-certifications-for-2012-a-4291/op-1

Information Technology Security Training Requirements: A Role -- and Performance-Based

Model. (n.d.). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-16/800-

16.pdf

Security Network Checklist. (n.d.). Retreived from http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/se cure_my_business/network_security_checklist/index.html

Most organizations try to administer security management for IA purposes at a distance. This is usually accomplished for common systems such as laptops, desktops or servers using an out of the box applications. This generally works well in these environments for common systems, but as soon as the complexity level or operational character of the systems change, they are left out of the loop and fall short of what is really needed (Information Systems Security Lifecycle Management, 2009).
Benefits of ISLLM

Key advantages of managing information via the lifecycle method include: consistency, inclusiveness, pro-activeness, proportionality and flexibility. ISSLM s a prerequisite for good corporate governance, but is also an integral part of good business conduct. It protects reputations and manages risk, as well as promoting a safe, secured transaction environment (Information Systems Security Lifecycle Management, 2009).

Disadvantages of ISLLM

Information systems are presently designed with no contemplation for Information Assurance (IA). This usually occurs because of miscommunication and lack of understanding of IA by the vendor and government when developing system requirements. Throughout the beginning phases of development, operational facets and shortcuts frequently trump ordinary security practices. The consequence is a system that is not only insecure, but does not hold to a lot of the policies that systems must follow. This is often a result of a variety of reasons, such as a shortage in funding, staffing or understanding of a complex system (Information Systems Security Lifecycle Management, 2009).

References

Information Systems Security Lifecycle Management. (2009). Retrieved from http://www.telecomsys.com/Libraries/Collateral_Documents/ISSLM_White_Paper.sflb.ashx