Security Processes
Having a security process within an organization is critical to that organization's survival. The three components of a security process are prevention, detection, and response. Prevention deals with the "implementation of security controls and countermeasures or safeguards during the initial security design phase of the development life cycle." [1] Detection involves all of the ongoing monitoring activities in the company's IT infrastructure and data. Response is simply how the company reacts when there is a breach in security or an "incident from a known or unknown risk, threat, or vulnerability." [2] All of these steps in the process are very important, because a gap in any of them could result in security risk problems for the company.
According to Schneier, "computer insecurity is inevitable. Technology can foil most of the casual attackers... but attacks will fall through the cracks. Networks will be hacked." [3] There are many ways to try to prevent attacks, but in the end prevention won't be able to guard against all of them. A system must be ready to detect and respond to unexpected attacks. With more businesses going online with their products, information needs to be increasingly secure. If the proper amount of security is not in place, several things can happen. These can include loss of productivity, violation of Service Level Agreements, financial loss, loss of [system] life, attacks on an IT infrastructure including attacks against the integrity of a system and manipulation of information, and the confidentiality of information and data assets being compromised. [4] These are dangerous consequences of attacks, which is why attacks need to be prevented and, if not, identified and dealt with in a timely manner. The system development lifecycle itself, with the security process embedded in it, is the device that helps prevent a lot of these attacks.
Security needs to be involved in every step of the systems development lifecycle (Risk Analysis, System Requirements Definition, Functional Design, Security Design, System Testing, and System Design Verification [5]). If there is any loophole or gap, important data or information could be lost, misused, or manipulated. If any of these embedded security devices fail and an attack is detected, there are four areas which encompass how a system will respond: the Business Continuity Plan, the Disaster Recovery Plan, the Security Incident Team and Plan, and the Forensic Analysis Plan. [6] When recovering from an attack, the system needs to be redesigned so that it is better after the attack than before it. There are a lot of interesting aspects to system processes.
An important thing to remember is that vulnerabilities will always be found. As Schneier says, "it is fundamentally impossible to prevent attacks." [7] It's impossible to find every vulnerability, so it's best to be ready to react when an attack occurs. It's also impossible to find a standardized security process, because every business is different. A business's security process should reflect how it prioritizes its processes and security functions. Schneier also says to have defense in depth (have many layers of security, because a hacker then has to crack through many layers instead of one or two), choke points (force traffic to come through narrow channels so it's easier to monitor), and embrace simplicity (the more complex the security is, the harder it is to monitor). One rule he stands by is to "trust no one, especially yourself". He also says to "watch the watchers". Employees and managers are often put in charge of monitoring different things, but those monitoring the employees and managers need to do so closely, because they have the power to attack from within if they have a motive to. [8]
Latest Developments
There are many prevailing trends in security processes today. One of the biggest ones is prioritizing them. "Prioritizing information security processes is a necessary evil in the design and implementation phase." [9] Security processes need to be grouped, and then, once in groups, broken down into even more complex prioritization. When prioritizing security processes it's important to remember that they have to be customized to your business, which also means there is no right answer as to how processes are prioritized. It's all about what works best for your company. Prioritization helps system designers and administrators decide which parts of the business hold the most important assets. This helps with allocating funds and determining which assets need to be most heavily secured and which ones don't need security quite as stringent. In 2009, the latest developments were: the evolving definition of endpoint security (the convergence of endpoint security with traditional anti-virus software), more emphasis on cyber security, increasingly strict privacy legislation, security in the "cloud", virtualization security, secure software development, information-centric security, ubiquitous encryption, entitlement management, and business process security. [10] This all means that security processes are receiving help, as companies and enterprises are working towards being more secure through these efforts. Another trend that's emerging is "popular sites like Facebook [becoming] attractive targets for virus writers... the Koobface virus spread by luring victims with supposed pictures of themselves." [11] There is a rise in attacks on social networking sites simply because once you get one person to fall for your attack, it spreads to their friends and the attack grows exponentially. Also, attacks are no longer limited to computers. Viruses in various applications can spread to cell phones, iPhones, PDAs, etc. Security spending is also on the rise; in 2009, "spending on information security processes, training and especially technologies is expected to increase about 20-25% globally." [12] Average spending for security processes in 2008 jumped 20%, with security process spending being 16% of that. Also, security software spending worldwide increased from $11.3 billion in 2007 to $13.5 billion in 2008. This is all according to SearchCIO-midmarket.com. Something ironic is that "the growth... comes even as information security technology... has become less of a priority for CIOs, falling in recent years from a top-three concern to No. 8." [13] CIOs could be reluctant to spend funds on security processes, but in the end they must in order for their businesses to succeed in the present-day environment.
How Security Processes Relate to Our Personal Experience
When most businesses rely heavily on information, collecting data from their customers, suppliers, employees, and each and every business activity, the knowledge and skill of how to secure and manage that information become crucial and important for us to be successful in our future careers in business.
There are growing career opportunities in the information security field. From what I've personally experienced, a lot of businesses don't have a secured information system to protect their data. They might have firewalls and antivirus software, but their employees can use flash drives and carry the information home to finish work. Some secure mechanisms are there, but the security processes are far from "secure". This is a threat to the business, yet it's a career opportunity for those with the knowledge of how to deal with these threats, people like us (IT students).
What Businesses Should Do Related to Security Processes
As information technology becomes an important and inevitable part of business, the security issue rises and becomes one of the most challenging aspects of business management. It opens the gate to many opportunities that you wouldn't even have thought of 20 years ago, yet it's required for businesses to operate and manage risk. IT risk is inevitable, but manageable.
To manage information security one needs to look at it as a risk management issue. Business is all about making a profit, so you can't spend all your money securing the information and network you have. The budget is always limited and you can't secure everything. Look at the data assets you have, and based on the valuation and risk exposure that each asset bears [14], allocate your limited budget to reduce the exposure to a level that you can tolerate. This valuation is done by looking at the business and security aspects as a whole. In most cases, the information system is only as strong as its weakest point. The right perspective on information security is to reduce risk exposure rather than to have the highest level of security.
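The prioritization described under Latest Developments and the budget allocation described in this paragraph can be made concrete with a small model. This is an added illustration, not code from the page or its sources: each asset's exposure is its value times an estimated annual loss probability, and a limited budget is spent greedily on the controls that remove the most exposure per unit of cost, stopping when every asset is within its tolerance or the money runs out. All asset and control names, values and probabilities are constructed sample data.

```python
from dataclasses import dataclass, replace

@dataclass
class Asset:
    name: str
    value: float        # impact if lost, in currency units (constructed sample data)
    annual_prob: float  # estimated probability of a loss event per year
    tolerance: float    # exposure the business is willing to live with

@dataclass
class Control:
    name: str
    asset: str             # which asset this control protects
    cost: float
    prob_reduction: float  # fraction by which it cuts the asset's annual_prob

def exposure(a: Asset) -> float:
    return a.value * a.annual_prob  # expected annual loss

def allocate(assets, controls, budget):
    """Greedy: repeatedly buy the affordable control with the best expected loss avoided
    per currency unit, skipping assets already within tolerance. Returns
    (chosen control names, unspent budget, residual exposure per asset)."""
    state = {a.name: replace(a) for a in assets}  # copies; inputs are not mutated
    remaining, chosen, pool = budget, [], list(controls)
    while True:
        best, best_ratio = None, 0.0
        for c in pool:
            a = state[c.asset]
            if exposure(a) <= a.tolerance or c.cost > remaining:
                continue
            ratio = exposure(a) * c.prob_reduction / c.cost
            if ratio > best_ratio:
                best, best_ratio = c, ratio
        if best is None:
            break  # nothing affordable still reduces an out-of-tolerance asset
        state[best.asset].annual_prob *= 1.0 - best.prob_reduction
        remaining -= best.cost
        chosen.append(best.name)
        pool.remove(best)
    return chosen, remaining, {n: exposure(a) for n, a in state.items()}

ASSETS = [Asset("customer_db", 500_000, 0.10, 10_000),   # constructed inventory
          Asset("public_site", 50_000, 0.30, 5_000),
          Asset("intranet_wiki", 10_000, 0.20, 3_000)]   # already within tolerance
CONTROLS = [Control("db_monitoring", "customer_db", 5_000, 0.3),
            Control("db_encryption", "customer_db", 20_000, 0.6),
            Control("web_app_firewall", "public_site", 8_000, 0.5),
            Control("wiki_backups", "intranet_wiki", 1_000, 0.5)]

def run_example(budget=30_000):
    return allocate(ASSETS, CONTROLS, budget)
```

With the 30,000 budget the two database controls are bought, the firewall no longer fits, and the database is still above its tolerance: the residual exposure is what the business has to accept or budget for later.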
A system has to have the right security tools, security processes and security policies in place. Guidelines and standards already in the business should also be used in the information management system, because the information system should be in line with the rest of the business. Most organizations have a number of information security controls. Without well-developed standards, the controls sometimes become disorganized and disjointed. [15] For example, controls may be managed in independent units. The book talked a lot about how processes work in theory, but in practice, businesses need standards.
The process of securing information should evolve as the business does. [16] Just as there is no single cure for all diseases, there is no single standard for a security process. Information is often stored and operated on different infrastructures, operating systems, hardware, and security mechanisms. Risk also develops over time. So the process for securing your information system should constantly improve and stay current. A business mind with the right attitude, tools, and processes can make IT risk manageable.
- Gregg, M. & Kim, D. (2005). Understanding the IT Security Process. In Inside Network Security Assessment: Guarding Your IT Infrastructure (Why Risk Assessment: pp. 4-7). Retrieved from <http://www.informit.com/articles/article.aspx?p=426631&seqNum=4&rll=1>.
- Ibid.
- Schneier, B. (2004). Security Processes. In Long, C. (Ed.), Secrets and Lies: Digital Security in a Networked World (p. 367). New Jersey: John Wiley & Sons, Inc.
- Gregg, M. & Kim, D. (2005). Understanding the IT Security Process. In Inside Network Security Assessment: Guarding Your IT Infrastructure (Why Risk Assessment: pp. 4-7). Retrieved from <http://www.informit.com/articles/article.aspx?p=426631&seqNum=4&rll=1>.
- Ibid.
- Ibid.
- Schneier, B. (2004). Security Processes. In Long, C. (Ed.), Secrets and Lies: Digital Security in a Networked World (p. 374). New Jersey: John Wiley & Sons, Inc.
- Schneier, B. (2004). Security Processes. In Long, C. (Ed.), Secrets and Lies: Digital Security in a Networked World (pp. 369-373). New Jersey: John Wiley & Sons, Inc.
- Infosec (2006, March 12). Prioritizing Security Processes. Retrieved March 17, 2010. Message posted to <http://it.toolbox.com/blogs/security-commonsense/prioritizing-security-processes-8195>.
- Oltsik, J. (2008). Looking ahead at security trends for 2009. Retrieved March 17, 2010, from <http://news.cnet.com/8301-1009_3-10128133-83.html>.
- Mills, E. (2008). Scams up, but big Net attack averted. Retrieved March 17, 2010, from <http://news.cnet.com/Year-in-review-Scams-up%2C-but-big-Net-attack-averted/2009-7349_3-6248488.html?tag=mncol;txt>.
- Tucci, L. (2009). IT security spending a bright spot in '09, with more growth predicted. Retrieved March 17, 2010, from <http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1360072,00.html>.
- Tucci, L. (2009). IT security spending a bright spot in '09, with more growth predicted. Retrieved March 17, 2010, from <http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1360072,00.html>.
- Fratto, M. (2008, June 30). "Use risk management principles to target your investments-before you get burned". Information Week.
- Sweeney, G. (2008, August 5). "Understanding the need for data to be under lock and key". Birmingham Post.
- Miller, M., Puffer, N., and Shipley, G. (2008, November 10). "Where Risk Meets Reality". Information Week.