Security Operations and Management
Development of Policies and Programs in Computer Security
In an era of an expanding global economy, changing enterprise risks, and cross-organization collaboration through online trade, information security has become an important aspect to consider in safeguarding sensitive information. There are several directions that would facilitate research and development of effective security policies and programs. These are
Risk Analysis and Management
Most organizations have not adequately defined security and risk management in their policies and programs since it is viewed as costly. However, in order to develop effective programs and policies to safeguard sensitive information, there is a need for a risk assessment and risk management approach. In this case, all risks are identified, analyzed and classified in order to assess their severity (Ortmeier, 2013). In risk management, priority should be given to managing risks that have a high potential for financial loss (Kevin, 2000). In addition, information security programs need to be aligned with enterprise goals, objectives and strategies; this is important in developing an information security model that is effective and compatible with business activities.
In this case, different scenarios which could compromise computer security are analyzed. In scenario analysis, a brainstorming approach is used to assess computer-related risks, and various scenarios are used to demonstrate how such risks could be addressed. Scenarios that are severe are used as a basis for developing risk mitigation policies and programs (Kevin, 2000).
In this case, specifications are assigned based on the value of the assets. The role of the asset in the organization is assessed, and a corresponding security plan and specifications are carried out. This method focuses on a cost-benefit valuation of the assets involved before effective security specifications are implemented. The rationale is to assess the economic efficiency of the systems before implementing security measures (Ortmeier, 2013).
Kevin J. Soo Hoo. (2000). How Much Is Enough? A Risk-Management Approach to Computer Security. Consortium for Research on Information Security and Policy (CRISP). Retrieved from http://iis-db.stanford.edu/pubs/11900/soohoo.pdf
Ortmeier, P. J. (2013). Introduction to Security Operations and Management (4th ed.). Upper Saddle River, NJ: Pearson Education.