CHIEF SECURITY OFFICER
ELECTRONIC SECURITY MANAGER
PHYSICAL SECURITY MANAGER
RISK MANAGEMENT OFFICER
ASSESSMENT OF RISK
DATA ACCESS SECURITY
ELECTRONIC INTRUDER DETERRENCE – VIRUSES AND MALWARE
STAFF VETTING AND SEPARATION PROCEDURES
AUTHORITY FOR ACCESS
INTRUSION DETECTION SYSTEMS
SECURITY BREACH NOTIFICATION
CHANGE IN CULTURE
INCIDENT RESPONSE TEAM
SECURITY AWARENESS TRAINING
GENERAL SECURITY AWARENESS TRAINING
CONCLUSION AND RECOMMENDATIONS
Given the extent and nature of the organisation, the effective operation of its information technology systems is vital to the continuation of business. However, a corporation of 600 staff poses unique security challenges, many of which are addressed by an operational training program completed by all staff. This plan was developed, in part, to address issues identified in the security audit of 2007. Some of the issues raised have been addressed through the implementation of the Technical Systems and Information Technology Security Policy, presented independently of this plan. Other issues of concern include incident response, disaster recovery, and business continuity. A general lack of staff awareness of security issues is also a concern. This plan was formulated to be an integral part of the organisation’s security policy: it identifies potential threats to physical and electronic information security, sets out guidelines in all areas of organisational operations to minimise risk, and proposes an appropriate training scheme to be completed by both current and future employees at all levels.
Chief Security Officer
The Chief Security Officer (CSO) is responsible for the oversight of the security system and coordinating security activities. The CSO is also responsible for staff security activities including security screening and security awareness training.
Electronic Security Manager
The Electronic Security Manager (ESM) oversees the electronic protection of the network and the administration of the database.
Physical Security Manager
The Physical Security Manager (PSM) is responsible for maintaining physical integrity of the organisation, its employees, and equipment.
Risk Management Officer
The Risk Management Officer (RMO) is responsible for oversight of the disaster recovery centre as well as investigating alleged security breaches.
Assessment of Risk
Any organisation may become a target of persons wanting to acquire its information for personal, financial, or competitive advantage. The threats to an organisation’s information security may be both physical and electronic.
Physical
Building security is meant to safeguard personnel, property, and equipment. Properly instituted, it prevents illegal access to organisational assets (Hagen, Rong & Sivertsen, 2008). Threats to the physical security include:
1) Covert security breaches aimed at gaining access to information repositories
a) Unauthorised physical access to premises to gain information. During covert...
Bibliography
Hagen, J., Rong, C., and Sivertsen, T., “Protection against Unauthorised Access and Computer Crime in Norwegian Enterprises”, Journal of Computer Security, vol. 16:3, 2008, pp. 341-366.
Irvine, C. and Thompson, M., Expressing an Information Security Policy within a Security Simulation Game, (U.S. Naval Postgraduate School: 2005).
Maley, G., “Enterprise Security Infrastructure”, IEEE Proceedings of WET ICE, 1080-1383, 1996.
Mazzariello, C., Multiple Classifier Systems for Network Security: From Data Collection to Attack Detection, Ph.D. thesis (supervisor: Prof. L. Cordella), Nov. 2007.
Solms, R., “Information Security Management: Guidelines to Management of Information Technology Security”, Information Management and Computer Security, vol. 6:5, 1998, pp. 221-223.
Solms, R., “Information Security Management: Why Standards are Important”, Information Management and Computer Security, vol. 7:1, 1999, pp. 50-57.
Volonino, L. and Robinson, S., Principles of Information Security: Protecting Computers from Hackers and Lawyers, (Readcon, New Jersey: 2005).
Wagner, A. and Brooke, C., “Wasting Time: The Mission Impossible with Respect to Technology-Oriented Security Approaches”, The Electronic Journal of Business Research Methods, vol. 5:2, 2007, pp. 117-124.