Information Security Essay Example | Topics and Well Written Essays - 1000 words - 1

Information Security - Essay ExampleThere is also a vast body of empirical evidence that demonstrates that world(a) managers ought to be much more involved in the formulation and implementation of breeding trade protection because they are more able to assess particular types of attempts, more attuned to cost-benefit considerations, and better able to integrate information security into a line of descent organizations larger structure than narrow-minded security specialists (Lacity, 2005). In order to more all the way elaborate how organizations should approach information security issues, this essay allow discuss how businesses should strike a balance between information security and information sclerosis and what professional competencies ought to oversee information security policies, procedures, and practices.As an initial matter, it should be noted that information security can be neglected by business organizations (National Institute of Standards and Technology, 1998) as well be over-hyped and made far too complex for complete use (Angus, 2005 Miller, 2005). The most prudent course of action, to be sure, is uncomplete a zero-information security policy nor a systemic approach that is too complex (Angus, 2005) or too expensive (Lacity, 2005) for the organizations needs. A balance needs to be struck.Commenting on a study carried out by the GAO, the National Institute of Standards and Technology established a viable framework for promoting good practices for information security programs this framework deals with risk assessment, the taking bars to visit risk, and the creation of a central management group devoted to these risk management functions. This section will address good practices as they pertain to risk assessment and tailoring an information security policy to organizational goals and to remain cost-effective.The essence of an effective risk assessment procedure is not to assume that every conceivable risk can be planned for, but inst ead to identify perverts to reduce the treat of potential risks to levels that are deemed acceptable (Workstation Services Support Group, 1998). This notion of acceptability is crucial to any cost-benefit analysis involving an information security system. The first step is to create a recognition that an organizations informational resources are valuable assets in need of protection. This mode creating a pervasive organizational understanding about security risks, advanced security threats and the procedures for keeping workers informed. The second step is to draft and implement risk assessment procedures which incorporate the information security system into the larger business structure. This means treating information security as a business concern just as much as a technical matter for IT specialists. The third step requires holding individuals accountable for information security issues. This is important as it eliminates the possibility of passing responsibility on to secur ity specialists and demands a comprehensive approach to information security. The fourth and final step requires that security risks be monitored and