Components of a security program

An information security program is made up of several components. Examples of the components include people, technology and processes. The components play an important role in implementing the security program. A security program should have people to implement it. For example, managers are supposed to guide the staff in developing and maintaining the security program. The managers should outline the roles and duties of each member. For instance, the managers should identify who is supposed to manage the security program. Also, they should outline other tasks to be carried out by the members so as to achieve the objectives set. Roles and responsibilities are also considered an important component of the security program (Johns, 2002).



Apart from people and responsibilities, technology is another component of an information security program. Technology is important in security programs as it helps create controls. This makes it easy for the organization to meet the objectives set. Processes cannot work alone without being automated. Thus, organizations need to include technology in the information security program so as to ensure automation of processes. The managers in the organization should judge whether controls are effective or not. The technology can be operated by different departments having different information processing requirements.


Auditing of information security policy is important as it creates effective control. Though auditing helps in ensuring effective control, it is not effective. The technology used in the information security program should ensure maximum protection of information. The information security program architecture should be multilayered and redundant so as to ensure maximum protection of information. The technology used in the information security program should not allow multiple accesses to information. There are various methods by which users can access data. The methods depend on several factors like the location of the user, authorized access rights and availability of resources. Another factor is technology prowess. The information security system should be designed well to avoid such paths (Johns, 2002).


Another component of an information security program is processes. Processes are important as they help maintain effective controls. An information security program should have security processes. Security processes are said to be methods that an organization uses to achieve the objectives set and implement the program. Processes in a security program are meant to measure control of risks, availability of data and integrity. Also, the processes are meant to measure the confidentiality, accountability and manage the various factors. There are various types of information security processes. These include information risk assessment processes and information security strategy. Other processes include security control implementations and security monitoring and updating processes.


The processes play various roles. For instance, the information security risk assessment process is used to detect and assess threats in the organization. Information security strategy is a plan to prevent risks by integrating technology, policies, procedures and training together. Security control implementation involves acquiring technology and assigning duties to managers and the staff. Also, it involves developing risk controls. The security monitoring process is used to determine whether risks are being asked and controlled well (Johns, 2002).

Lastly, a security program should have security policies and program strategy. Security policies are important as they help prevent risks in the organization. The security policies need to be monitored regularly so as to prevent risks. This will make it easy for the organization to meet the objectives set (Johns, 2002).


Conclusion

An information security program is supposed to protect information in the organization from unauthorized people. There are various steps that should be followed when developing an information security program. The first step is baseline assessment. This is assessing the current program so as to identify its weaknesses and strengths. The second step is identifying the strategic objectives of the organization and the program. The managers are required to analyze whether the program architecture is in line with the objectives. The third step is developing the program and implementation. The last step is monitoring the security program. The components of a security program include people, processes, technology and facilities.


References

Bayuk, J. (2007). Stepping Through the InfoSec Program. ISACA.

Johns, M. L. (2002). Information management for health professions. Cengage Learning.

Mather, T., & Egna, M. (2004). Developing your information security program. Retrieved from http://www.informit.com/articles/article.aspx?p=353172 on 26/08/2010.




