Importance Of Security Controls And Business Strategy For Achieving Information Assurance

2612 Words Mar 21st, 2015 11 Pages
1. Introduction
Defense-in-depth is a commonly cited best practices strategy for achieving Information Assurance. It is an approach to security that layers controls thus increasing security for the system as a whole (United States National Security Agency, n.d.). Security controls derive from three primary categories: Administrative, Technical/Logical, and Physical/Environmental (Harris & Kumar, 2013, p. 28). To help mature and improve information security as a process and business enabler, it is critical that organizations adapt their understanding and cogency of administrative controls. The information security market is flooded with technical solutions that fit into technical/logical control categories. As more businesses move to the Cloud, physical and environmental controls are relegated to third-parties. To achieve true Defense-in-Depth, businesses must further develop their Administrative controls and efforts. This enables the business to understand the value of security, and enables security to align with business strategy (Cano M., Ph.D, CFE, 2014, p. 51-55). This paper will examine the importance of administrative information security controls and the role they play in Defense-in-Depth strategies by discussing the maturity of security programs, discovery of security program foundations, frameworks, and process, enterprise security architecture, and the governance of information security strategies.
2. Mature Security Programs: Basics of Administration
2.1.…
Open Document