CC1604_ASSIGN05 - Security Management 1 Security Management...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Security Management 1 Security Management Cesar Campana, MMIS0627 Graduate Student, Nova Southeastern University School of Computer and Information Sciences November, 2011 Author Note Cesar Campana, Graduate Student, School of Computer and Information Sciences, Nova Southeastern University. Correspondence concerning this paper should be addressed to Cesar Campana, 2240 SW 50 Av, Fort Lauderdale Fl 33317. E-mail: cc1604@nova.edu Background
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security Management 2 Information Security Management describes activities that relates to the protection of information and information structure assets against the risk of loss, misuse, disclosure or damage. It is based on the Information Security Management System that is a set of policies and procedures for systematically managing and organization’s data (ISMS, nd). The implementation of the security is a topic that not even the most powerful companies in the world have under control. There are in the market several standards that will recommend a set of security framework that will help the companies to improve their security. The problem is that it does not matter what kind of standards the company is following, is that every time there are new ways to break those securities. The companies every day are saving more sensitive information from customers and while this is increasing, the security level is decreasing in the same proportion. The Information Security Management System’s goal is to reduce risks to manageable level, while taking into perspective both, business goals and customers expectations. It is not specific to an industry; the concept can be applied with little modifications to make it relevant to a specific industry (Ramakrishnan, n.d). The ISMS implementation is basically divided in two principal groups, process and products. In the process, the objective is to focus on the planning and implementing management practices and procedures to establish and maintain information security. The managers should select the different processes that will be implemented, between them for example, screening of new employees, then the implementation should be the process of screening. The products are management system that the organization uses to evaluate software products. The evaluation is the process whereby a specific product or system is subjected to a detailed series of test to determine whether it satisfies a predefined set of requirements (Eloff, nd).
Background image of page 2
Security Management 3 The implementation of an ISSM, could be split it also in Hierarchical Organizations and Emergent Organizations. Most of the standards that we can see in the market are based on the hierarchical organizations. An organization of this type is inflexible and had a rigid structure. The Emergent Organizations are companies that are based totally in technology, a clear
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 9

CC1604_ASSIGN05 - Security Management 1 Security Management...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online