The Main Purpose of Security Management and Security Measures must be Commensurate with the Threat
To identify what security management is, we first have to break down the meaning of the term, because one person's idea of security can be totally different from someone else's. Security, from the Latin (secura, with care), basically translates as being free from danger.
To need security management we first have to identify a threat, because without a threat we cannot fully understand or comprehend the task at hand. Management is how we go about implementing the principles of management that we have learned throughout our careers, and our personal approaches to the systems that have been proven over the years in successes and
For us as security managers to begin to dissect the threat we must go back to the risk and threat assessment. As stated in (Risk and Security Management 2008), the threat assessment specifically defines the scope, nature and impacts of the risks the company may face during the life span of the operation. It should be written in the context of both the risk environment and the company's risk tolerances, as these will define which risks are considered noteworthy and which fall within acceptable ranges for a project or organization. The Security Director should not assume that the initial threat assessment will be read in conjunction with the intelligence review; therefore the key elements from the intelligence review should be included (if) to clarify the environment in which the organization will operate. The threat assessment can be conducted in isolation from a site visit, although specific risks associated with the project will be difficult to ascertain without firsthand knowledge gained through an actual visit. A secondary threat assessment may be done concurrently with, or as part of, the security survey to provide the final specifics for the organization itself, as opposed to the more overarching initial assessment.
The risk assessment will be a vital part of the whole security plan, a document that basically covers the whole
Both Security Management and Prevention are categories that should be included in any review or audit process of IT systems. SM reviews how security is managed from the top down: whether and how management supports the ISMS program is identified. The overall management of the company and how services are provided are essential. Prevention looks at the performance and maintenance of IT systems and the reporting of these processes. It is extremely important to have these categories as part of the ISMS process and of any review of these processes.
1. Why are risk mitigation and filling in critical security gaps an important next step after the security assessment is performed?
After the information system is installed, the IS security controls must be monitored and assessed on a continuous basis. Continuous monitoring ensures the security controls in place are effective. In this step, there are five tasks. The first task requires managers to determine the security impact based on the threat environment. The second task is conducting assessments on certain security controls as outlined in their Continuous Monitoring Strategy. The third task is correcting discrepancies found in the assessment. The fourth task requires updating the Security Authorization package based on the previous results. The fifth task requires the appropriate officials to make a risk determination and acceptance by reviewing the reported security
A risk assessment is a process that identifies the risks to the confidentiality, integrity, and availability of protected information and determines the probability of a breach and the resulting impact for each threat/vulnerability pair identified, given the security controls already in place.
Risk management needs to be an ongoing process, occurring throughout the project, because of the ever-changing nature of risk. The ATOM process includes both major and minor reviews to maintain the vigilance required when dealing with project risk. Major reviews are designed to occur at key points in the project to review the status of the risks and to evaluate the actions taken. Reviews evaluate the effectiveness of the risk plan and make changes to that plan to keep up with the changes in the risks. The major review is scheduled for major milestone points in the project, identified as part of the risk management plan. The risk register should have all the current information about the risks when the review begins. In addition, the project manager will provide information regarding the project status and the review point. The risks will be reviewed with regard to their status, changes in probability or impact, and the actions described for them. Any new risks will be assessed and actions will be identified. Because risk needs to be monitored throughout the project and not just at major points, our process would contain provisions for minor reviews too. Minor reviews are designed to fill the gap between the initial risk assessment and the major review and to be ongoing throughout the project; they carry out the same review as the major review on a less detailed scale. After either kind of review, an updated risk register is produced. Updates to the project plan to better manage potential risks may also be an outcome of the review. We will have risk review meetings as well. The performance measurement system for our project would track the following metrics:
A security force is comprised of a team with a mixed set of specific skills applicable to mission accomplishment. The supervisor learns how to be led and is groomed to be a leader. The successful security force must be coached and mentored by a person with balanced leadership and organizational management skills. According to Christopher (2009), the security force is managed and led by someone who can enable the element to accomplish expected goals. They provide guidance in the face of adversity. These challenges are growing pains in the development of a security force and in ensuring it is up to par with adapting to frequent changes in threat analysis. The manager
Imagine you are out on a dinner date and all of a sudden three masked men armed with guns and bombs show up. You are all being held hostage and do not know how you're going to survive. The first people who show up are a security manager and his group of assistants. They come and arrest the three terrorists and save your life. Security managers risk their lives every day to make sure that you are safe. I am interested in being a security manager because I enjoy working in a group, communicating with others, physical training, and the salary is very good.
The management of risk is at the heart of the security professional's role. The effective management of risk and the minimising of the associated threat is how the security professional protects their asset. There are many ways this can be achieved, but the most valuable is effective and well-informed security analysis.
Security requires the integration of people, process, and technology, but should also include prevention, detection, and response; all three are needed for a comprehensive and robust security framework. Within the network framework, admonition plays a key part in the prevention, detection, and response needed by system and network administrators to elude a potential threat to the network. Prevention addresses the likelihood of harm, whether internal or external. Detection and response are generally used to limit damage once a security threat has occurred. Weak admonition in prevention may be offset by strengths in detection and response. Security warnings and cautions should in reality deter network users from committing acts that will endanger the network. This is not to say that these warnings will be enough to deter the user from
Security has always been an important issue that large and small organizations have dealt with to protect their staff and assets. However, the security industry did not come to fruition until later in the 19th century (McCrie, R. 2007). During this time the major security programs were developed: investigations, guarding, executive protection, and alarm monitoring, to name a few (McCrie, R. 2007). During the 1950's the model of
The real-world capabilities of equipment are catching up with the concepts and promises of the last few years. It is often said that the only constant in life is change. For security directors faced with evolving responsibilities, more diverse threats, a less stable workforce, and constantly developing technology, that adage is very true. Yet a closer look at this new environment suggests that, surprisingly, most of the changes are working in security's favor. To some degree, what will make the next few years different for security operations is that the real-world capabilities of hardware are catching up with the concepts and promises of the last few years. As computer and data transmission technologies continue to improve, as the much-hyped Internet matures, and as security hardware costs come down, organizations are changing the way security departments work, both as a unit within security's own domain and as a function within the corporation. "People are more sensitive to security needs and the fact that we are here to protect
The process that comes with a risk assessment is that of identifying the risks that could affect the company as a whole and how to defend the company from being attacked and/or breached. By doing so, a plan can be set out to determine the impact of a threat on the company's assets, and how the company will take care of the issue.
Identify what you see as the main purpose of security management and discuss what is meant by the statement that ‘security measures must be commensurate with the threat’.
Which is making sure travelers are secure at all times and protecting the airport's assets. The security manager must show that he or she has confidence in their workforce, to ensure that the general public, airlines, and all persons on an aircraft get to their destination in a safe and sound
In a nutshell, a security manager serves as the expert on InfoSec protection, response, detection, and recovery. Security managers accomplish any management objectives set by the CISO and resolve managerial issues raised by other technicians. Security managers are frequently assigned particular administrative duties by the Chief Information Security Officer, in addition to policy development, operational and tactical planning, contingency planning, and risk assessment, among other security functions (Whitman & Mattord, 2013). The position holder frequently liaises with the other departmental and divisional managers in joint planning and in the development of areas such as the security duties in human resources hiring and termination procedures. A security manager also maintains the current and appropriate body of knowledge that is necessary to perform the Information Security management