Security Report
In the present day, organizations are reliant on information in order to continue being relevant and not become obsolete. To be specific, organizations are reliant on the controls and systems that have been instituted in place, which provide the continuing privacy, veracity, and accessibility of their data and information (Lomprey, 2008). There is an increase and rise in threats to information contained within organizations and information systems (Lomprey, 2008). There is also a rise in the intricacy of such systems and information, which places emphasis on the importance for organizations to understand and gain an understanding of how to better safeguard their information as well as information systems. As stated by Briggs (2005), globalization has instigated the world to become a global village. This, in turn, has increased the level of complexity and intricacy of the information security aspect of the organizations across the world. There is greater need for accessibility, but at the same time, an even greater need for accountability and integrity (Briggs, 2005). Being a military company, information contained within this organization is very crucial and ought to be protected to great extents (Lomprey, 2008). In accordance to Whiting (2010), enterprise risk management (ERM) delves into and explores the realm of risks encompassing strategic, financial and inadvertent risks, and others, that an organization faces. Nonetheless, enterprise risk management does not entirely take into consideration the risks that are customarily linked with security at all times. It is enterprise security management that is in place to make sure that these risks are effectively taken into account and treated (Whiting, 2010). The following report endeavors to outline the strategic management of information security, the key components of strategic plan in relation to information security, the challenges and benefits linked to the management of information security and recommendations attained from this review.
To outline key explanatory aspects relating to the strategic management of the security function you have chosen
In definition, information security is the safeguarding of information from an extensive and wide array of threats with the main objective of making sure that there is continuity of the entity, minimization of risk and also the maximization of return on investments. In accordance to the Information Security Handbook developed by the National Institute of Standards and Technology (NIST), the strategic management of information security encompasses planning for and executing a structure together with the procedures that fend for the arrangement of information security strategy with corporate goals and objectives and pertinent regulations and industry principles. One of the main key aspects of strategic management of information security is the development of a security plan for the organization (Wakefield, 2003). This will encompass the analysis of the prevailing mission, vision and the strategic security objectives of the organization. In particular, a great analysis and evaluation of the security objectives with respect to the information security unit of the organization should be undertaken (Tipton and Krause, 2003).
The strategic security plan is purposed to assist the management of the organization with the pertinent information to make well-versed decisions regarding investment in security. In particular, the strategic plan relates and interconnects the security function with the direction that the business is taking. Strategies for security assist in attaining business goals by classifying and taking into account security necessities in organizational functions and enterprises, providing infrastructure, personnel and practices that meet those necessities. Even though compelled by business necessities, strategies ought to take into consideration other factors that may influence the realization of those results. In addition, the strategies have to be updated occasionally to permit for variations in the business direction and in the limiting factors (Whitman and Mattord, 2010). In accordance to Power (2004), the lack of information security is also a lack of risk management. The risk management of the organization enables the management and functioning of other business functions to operate smoothly. It also bears important values and principles, not least of culpability and responsibility.
To outline the main components of strategic planning (strategic analysis, strategic design, strategic implementation and strategic review) in relation to the specific requirements of that function
There are several elements that pertain to the strategic planning of the distinctive requirements of information security. To begin with strategic planning encompasses the implementation of strategies. Information security strategies take into account plans that are implemented to alleviate information security risks, whereas acting in accordance with legal, constitutional, contractual, and internally developed necessities (Gill, 2014). Characteristic phases to constructing...
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now