1. What function constitute a complete information security program
It is important for an organization to have good information security program to ensure there is no loss of data to unauthorized personnel. A complete information program constitutes different functions which include risk management and risk assessment (Peltier, 2002). These two components identify possible risks which may lead to loss of information to unauthorized person. This program also ensures that the risks which would make the company to lose its information are avoided by putting physical security and securing the entire information system to reduce the loss of data. It also constitutes of system testing, legal and policy assessment. System testing also form part of information security program (Allen, 2001). This part ensures that the information security program is working properly and can prevent all the security threats that the organization system is facing. Furthermore it also constitute of legal and policy assessment which require the organization to comply with security standards. To have a well equipped information security program, other elements such as security planning, incident response, authentication, network security and training must be there in order for it to work efficiently.
2. What is the typical size of the security staff in a small organization?
The Organization budget is the main factor that influences the typical size of security staff. The organization with a big budget is able to employ many security staff because there is sufficient amount that the company would use to pay for many workers. Another important factor that affects the size of security staff is information sensitivity. The organization which has sensitive information requires more sophisticated security system which requires much staff to provide. Sensitive information requires security measures such as biometric security features, physical security feature and others which require many staffs (Peltier, 2002). Regulations also control the number of staff the organization requires to manage its security system. Some organizations follow some legal policies such as labor law that spell the number of employees to be employed within a given department depending on the size of the organization.
Small organization 1 full time with two assistants
Medium size organizations 1 full time with three assistants
Large size organizations 2 full time administrators, 4 technicians, 16 assistants
Very large organization 20 full time administrators, 40 assistants and 5 technicians
3. Where can the organization place the information security unit?
The information security unit can be placed within the information technology department managed by CISO who is answerable to CIO on matters of information threats. It is located within technology department because the company information is protected using current technology (Allen, 2001). In the contrary it should not be placed within the finance department, marketing department and even within human resource department because it not related to neither of those departments.
4. Into what four areas should the information security function be divided?
Security functions are divided into four areas including network security which ensure there is there is no traffic coming in and out of the system (Peltier, 2002). A wireless security system which ensures the organization information transmitted through wireless media is secure through the use of security systems such as encryption and authentication. Phishing and identity theft is also another area in which information security is divided. It prevents the attack of the system by different threats such as viruses by improving authentication of the sender of the information via the email (Allen, 2001). The final area is VolP security which reduces the vulnerability of information after the introduction of IP devices. It minimizes threats such as DoS which are likely to attack the system.
Â
References
Allen, Julia H. (2001). The CERT Guide to System and Network Security Practices. Boston, MA: Addison-Wesley. ISBN 0-201-73723-X.
Peltier, Thomas R. (2002). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton, FL: Auerbach publications. ISBN 0-8493-1137-3.
Part 2
I seek what you leak
Ensure sensitive information on the laptops, phones is encrypted
Design of security posters
Enter at your own risk
Unauthorized access
The attempted or successful access of the information or system without permission or right to do so
Hey, we? Get off my network
Always be attentive for social engineering attempts and verify requests for sensitive information
Securely configure your network and monitor for any unusual behavior
Â
Â
Request Removal
If you are the original author of this essay and no longer wish to have it published on the collegeessaywriter.net website, please click below to request its removal:
- Essay Example on Leader-Member Exchange Theory and Social Network Theory
- Research Paper on Constructive Organizational Conflict
- Ten 360-Degree Questions with Annotations (Call Center)
- Role of Total Quality Management in a Hospital Organization. Essay Example.
- Essay Example on Agent and Employment Law
- Effective Supervision - Paper Example
- Risk Management Applied to Project Development: A Case Study