Security Analysis In The UK Essay

Security Report

In the present day, organizations rely on information in order to remain relevant and avoid becoming obsolete. To be specific, organizations rely on the controls and systems they have put in place, which provide the continuing privacy, veracity, and accessibility of their data and information (Lomprey, 2008). Threats to the information held within organizations and information systems are on the rise (Lomprey, 2008). The intricacy of such systems and information is also rising, which makes it important for organizations to understand how to better safeguard their information and information systems.

As stated by Briggs (2005), globalization has turned the world into a global village. This, in turn, has increased the complexity of information security for organizations across the world. There is a greater need for accessibility but, at the same time, an even greater need for accountability and integrity (Briggs, 2005). Being a military company, the organization holds information that is crucial and ought to be protected to a great extent (Lomprey, 2008).

According to Whiting (2010), enterprise risk management (ERM) explores the realm of risks that an organization faces, encompassing strategic, financial and inadvertent risks, among others. Nonetheless, enterprise risk management does not entirely take into consideration, at all times, the risks that are customarily linked with security. It is enterprise security management that makes sure that these risks are effectively taken into account and treated (Whiting, 2010).

The following report endeavors to outline the strategic management of information security, the key components of a strategic plan in relation to information security, the challenges and benefits linked to the management of information security, and the recommendations drawn from this review.

To outline key explanatory aspects relating to the strategic management of the security function you have chosen

By definition, information security is the safeguarding of information from a wide array of threats, with the main objective of ensuring the continuity of the entity, the minimization of risk and the maximization of return on investments. According to the Information Security Handbook developed by the National Institute of Standards and Technology (NIST), the strategic management of information security encompasses planning for and executing a structure, together with the procedures, that supports the alignment of information security strategy with corporate goals and objectives and with pertinent regulations and industry principles. One of the key aspects of strategic management of information security is the development of a security plan for the organization (Wakefield, 2003). This will encompass the analysis of the prevailing mission, vision and strategic security objectives of the organization. In particular, a thorough analysis and evaluation of the security objectives with respect to the information security unit of the organization should be undertaken (Tipton and Krause, 2003).

The strategic security plan is intended to provide the management of the organization with the pertinent information to make well-informed decisions regarding investment in security. In particular, the strategic plan connects the security function with the direction that the business is taking. Strategies for security assist in attaining business goals by classifying and taking into account security necessities in organizational functions and enterprises, and by providing infrastructure, personnel and practices that meet those necessities. Even though they are driven by business necessities, strategies ought to take into consideration other factors that may influence the realization of those results. In addition, the strategies have to be updated occasionally to allow for variations in the business direction and in the limiting factors (Whitman and Mattord, 2010). According to Power (2004), the lack of information security is also a lack of risk management. The risk management of the organization enables other business functions to operate smoothly. It also bears important values and principles, not least of culpability and responsibility.

To outline the main components of strategic planning (strategic analysis, strategic design, strategic implementation and strategic review) in relation to the specific requirements of that function

There are several elements that pertain to the strategic planning of the distinctive requirements of information security. To begin with, strategic planning encompasses the implementation of strategies. Information security strategies take into account plans that are implemented to alleviate information security risks while acting in accordance with legal, constitutional, contractual, and internally developed necessities (Gill, 2014). Characteristic phases to constructing...

An information security strategic plan endeavors to institute an organization's information security program. In essence, an information security program is the entire multifaceted group of activities that support information protection. An information security program consists of technology, official management procedures, and the casual culture of an organization. An information security program is about creating efficacious control mechanisms, and about operating and managing these mechanisms (Gill, 2014).

Strategic Analysis

The strategic analysis component of strategic planning is intended to analyze the security of the presently existing information security system. The results attained from this analysis will assist in carefully choosing the security aspects that the organization will execute in accordance with the mechanism that is outlined in the security plan. At the end of the day, the assets of the establishment are valued, the dangers to these assets are ascertained, the impact of the dangers is assessed and the most fitting security controls are recommended. Some of the stages of strategic analysis of the information system include the criticality of the system, the review of information security controls and the evaluation and management of risk (Walby and Lippert, 2014).

i. System Criticality

This sub-phase outlines the kinds of protection and safeguards that are required for the system. More often than not, safeguards are described in terms of privacy, integrity and accessibility needs. The extent of criticality is determined using two elements: the accessibility of the information resource in which the information is processed, and the sensitivity of the information that the information resource processes. By definition, the sensitivity of the information refers to the necessity to protect it from corruption or leakage. It is imperative for the information security manager to assess the level of security of the organizational system with regard to both the accessibility of the information resource and the sensitivity of the information, and subsequently to adopt the greater rating to establish the general security level of the system (Alfawaz, 2011).

ii. Review of Existing Security Controls

This phase ascertains all of the prevailing security controls or those that are being predetermined. At a minimum of every three years, the organization ought to ensure that there is an independent management review of the information security controls. This review ought to be independent and autonomous from the information security manager of the organization. The main purpose of these reviews is to provide substantiation that the controls chosen or installed are adequate to provide a level of safety corresponding to an adequate level of risk for the information security system (Alfawaz, 2011).

Strategic Design

In the strategic planning of an information security plan, the strategic design stage is the most significant one. This is owing to the fact that it employs all of the information that is gathered in the preceding phases. It is imperative for all members of the organizational team to be cognizant of the obtainable best security practices. It is also suggested that the organization consult with other specialists. In particular, the strategic design ought to produce a structure that is fitting to the security policy of the organization. Moreover, it outlines security control measures that are linked and applicable to the system (Raggad, 2010).

Strategic Implementation

Prior to the implementation of the information security plan, there are a number of steps that have to be undertaken. To start with, an execution team has to be created and a time schedule has to be defined. The key members of the execution team are more often than not tasked with writing down the information security plan. If the organization intends to outsource, a number of the internal security staff who took part in creating the plan ought to be included in the execution team. The enactment of the information security plan ought to be constantly backed by security assessment methods throughout the lifespan of the security plan. Some of these methods include inspections, checklists and audits (Raggad, 2010).

Strategic Review

The strategic review is intended to make sure that the information security system is functioning in accordance with the design manual, which contains the security resolves encompassed in the security plan. The organization has to assess risks occasionally and whether the security controls encompassed are valid. If any changes are made in the security risks or security controls, corrective actions have to…

References

Alfawaz, S. M. (2011). Information security management: a case study of an information security culture (Doctoral dissertation, Queensland University of Technology).

Ashenden, D. (2008). Information Security management: A human challenge? Information security technical report, 13(4), 195-201.

Briggs, R. (2005). Joining Forces: From national security to networked security. DEMOS.

Chang, S. E., Ho, C. B. (2006). Organizational factors to the effectiveness of implementing information security management. Industrial Management and Data Systems, 106(3), 345-361.

Ross, R., Johnson, A., Katzke, S., Toth, P., Stoneburner, G., Rogers, G. (2007). Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans. NIST Special Publication 800-53A. Retrieved December 16, 2015 from: http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf