Information Security Essay Example | Topics and Well Written Essays - 1000 words - 1

Information Security - Essay employmentThere is also a vast body of empirical evidence that demonstrates that general managers ought to be overmuch more involved in the formulation and implementation of info security because they are more able to assess particular types of pretends, more attuned to cost-benefit considerations, and better able to integrate training security into a telephone line organizations larger structure than narrow-minded security specialists (Lacity, 2005). In order to more clearly elaborate how organizations should approach path information security issues, this essay will discuss how businesses should strike a balance between information security and information sclerosis and what professional competencies ought to oversee information security policies, procedures, and practices.As an initial matter, it should be noted that information security can be neglected by business organizations (National Institute of Standards and Technology, 1998) as well be over-hyped and made far besides complex for complete use (Angus, 2005 Miller, 2005). The most discreet course of action, to be sure, is neither a zero-information security policy nor a strategyic approach that is too complex (Angus, 2005) or too expensive (Lacity, 2005) for the organizations conveys. A balance needs to be struck.Commenting on a study carried out by the GAO, the National Institute of Standards and Technology established a viable vertical example for promoting good practices for information security programs this framework deals with risk assessment, the taking steps to reduce risk, and the creation of a central management group devoted to these risk management functions. This section will address good practices as they pertain to risk assessment and tailoring an information security policy to organizational goals and to hang on cost-effective.The essence of an effective risk assessment procedure is not to assume that every conceivable risk can be planned for, but instead to identify steps to reduce the treat of effectiveness risks to levels that are deemed acceptable (Workstation Services Support Group, 1998). This notion of acceptability is crucial to any cost-benefit analysis involving an information security system. The first step is to create a recognition that an organizations informational resources are valuable assets in need of protection. This means creating a pervasive organizational understanding about security risks, new security threats and the procedures for holding workers informed. The second step is to draft and implement risk assessment procedures which incorporate the information security system into the larger business structure. This means treating information security as a business concern respectable as much as a technical matter for IT specialists. The third step requires holding individuals responsible for information security issues. This is important as it eliminates the possibility of passing responsibili ty on to security specialists and demands a comprehensive approach to information security. The fourth and final step requires that security risks be monitored and