Essay Example on Information Security in an Organization

Boston College
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

1. What functions constitute a complete information security program?

It is important for an organization to have a good information security program to ensure that no data is lost to unauthorized personnel. A complete information security program comprises several functions, including risk management and risk assessment (Peltier, 2002). These two components identify possible risks that may lead to loss of information to unauthorized persons. The program also ensures that the risks that would cause the company to lose its information are avoided by putting physical security in place and securing the entire information system to reduce the loss of data. It also includes system testing and legal and policy assessment. System testing forms part of the information security program (Allen, 2001); it ensures that the program is working properly and can prevent all the security threats that the organization's systems face. Legal and policy assessment requires the organization to comply with security standards. For an information security program to be well equipped and work efficiently, other elements such as security planning, incident response, authentication, network security and training must also be present.

2. What is the typical size of the security staff in a small organization?

The organization's budget is the main factor that influences the typical size of the security staff. An organization with a big budget is able to employ many security staff because it has sufficient funds to pay many workers. Another important factor that affects the size of the security staff is information sensitivity. An organization that holds sensitive information requires a more sophisticated security system, which takes more staff to provide. Sensitive information requires security measures such as biometric security features, physical security features and others that require many staff (Peltier, 2002). Regulations also control the number of staff the organization requires to manage its security system. Some organizations follow legal policies, such as labor law, that spell out the number of employees to be employed within a given department depending on the size of the organization.

Small organization: 1 full-time with two assistants

Medium-size organization: 1 full-time with three assistants

Large organization: 2 full-time administrators, 4 technicians, 16 assistants

Very large organization: 20 full-time administrators, 40 assistants and 5 technicians

3. Where can the organization place the information security unit?

The information security unit can be placed within the information technology department, managed by the CISO, who is answerable to the CIO on matters of information threats. It is located within the technology department because the company's information is protected using current technology (Allen, 2001). On the contrary, it should not be placed within the finance department, the marketing department or the human resources department, because it is not related to any of those departments.

4. Into what four areas should the information security function be divided?

Security functions are divided into four areas. The first is network security, which ensures there is no traffic coming in and out of the system (Peltier, 2002). The second is wireless security, which ensures that organization information transmitted through wireless media is secure through the use of security systems such as encryption and authentication. Phishing and identity theft is another area into which information security is divided. It prevents attacks on the system by different threats such as viruses by improving authentication of the sender of information sent via email (Allen, 2001). The final area is VoIP security, which reduces the vulnerability of information after the introduction of IP devices. It minimizes threats such as DoS that are likely to attack the system.



Allen, Julia H. (2001). The CERT Guide to System and Network Security Practices. Boston, MA: Addison-Wesley. ISBN 0-201-73723-X.

Peltier, Thomas R. (2002). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Boca Raton, FL: Auerbach Publications. ISBN 0-8493-1137-3.

Part 2

I seek what you leak

Ensure sensitive information on laptops and phones is encrypted

Design of security posters

Enter at your own risk

Unauthorized access

The attempted or successful access of information or a system without permission or the right to do so

Hey, we? Get off my network

Always be attentive for social engineering attempts and verify requests for sensitive information

Securely configure your network and monitor for any unusual behavior


