Security Risk Management SRM and Auditing Essay


The term “be prepared” applies especially well to today’s business environment, where enterprises across all industries and locations are challenged by a volatile, increasingly unpredictable world. In addition to protecting their internal resources, organizations must consider the security and well-being of their employees, partners, suppliers and customers, as well as the reliability of the web of networks and systems on which most now depend.

Stop Managing Security. Start Managing Risk.

The way forward lies in a security risk management (SRM) approach that protects your company from the most severe threats to critical IT systems and operational processes. SRM helps your organization understand its assets and analyze …

The lack of management support is one of the key failures for IT project implementations (Johnson 1995). Similarly, without adequate management support, an IT security audit would not accomplish much. Part of a balanced SRM is a proper risk evaluation or an audit. An IT security audit should be integrated into the corporate management function as an important priority.

There are two types of management approach to the IT security function in the organization. The first is the bottom-up approach. The implementation of the IT security audit starts at the grass-roots level, whereby the systems administrators and technical officers are the ones making the decisions on how to improve the security systems. This is advantageous because they possess the technical expertise to execute these IT security functions. However, even with the best technical expertise, IT security within an organization would still be vulnerable due to a lack of participation and support from top management and the users of these IT systems.

Another management approach is the top-down approach. The IT security audit is initiated by top management. Top management is responsible for setting the organization's goals and making sure that the IT security function is aligned with these goals. This includes creating a corporate culture which appreciates the importance of IT security. The support for IT security auditing in the organization is shown
