Information Security Principles and Management
Information security management is one of the three communities of interest functioning in most organizations. As a part of the management team, it operates like all other management units by using the common characteristics of leadership and management. In Information Security, the goals and objectives differ from those of the IT and general management communities in that they are focused on the secure operations of the organization. Because Information Security management is charged with taking responsibility for a specialized program, certain characteristics of its management are unique to this community of interest.
The extended characteristics of information security are known as the P5: planning, policy, programs, protection, people and project management.
- Planning: Planning in Information Security management is an extension of the basic planning model. Included in the Information Security planning model are activities necessary to support the design, creation and implementation of security strategies within the IT planning environment.
- Policy: The set of organizational guidelines that dictate certain behavior within the organization is called policy. There are 3 general categories of policy in Information Security: Enterprise Information Security Policy (EISP), Issue-Specific Security Policy (ISSP), and System-Specific Policy (SysSp).
- Programs: Programs are operations of Information Security that are specially managed as separate entities. A security education, training and awareness (SETA) program is one such entity. The SETA program provides critical information to employees to improve their current level of security knowledge.
- Protection: The protection function is executed through a set of risk management activities, risk assessment and control, as well as protection mechanisms, technologies and tools. Each of these mechanisms represents some aspect of specific controls in the overall information security plan.
- People: People are the most critical link in the Information Security program. It is imperative that managers steadily recognize the crucial role that people play in the Information Security program.
- Project management: The final component is the application of thorough project management discipline to all elements of the information security program. Project management involves identifying and controlling the resources applied to the project, as well as measuring progress and adjusting the process as progress is made toward the goal.