Produce a report addressing the following:
1. Discuss the fit of your formal approach to security to the company’s values and the role it would play in IT governance in general
2. List the threats, vulnerabilities, and attacks that your formal plan would manage.
3. Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
4. Discuss the development of a Security Policy, including a methodology and the reason for having a policy
5. Explain the benefits a Risk Management Plan can bring to a company and the steps you would go through to build one. Include the CBA mentioned above and a discussion on Contingency Planning
6. Discuss the benefits derived from seeing Security Management as an ongoing process
Benefits of Formal Security Management Plan for SoftSolutions
The twenty-first century is considered the era of business, as business organizations all over the world have made massive progress. Businesses all over the world are growing at a fast pace. However, with this progress, business organizations become exposed to a number of business risks. One such major risk is the security threat to businesses (Peltier 2016). In recent years, the security risks faced by businesses have increased considerably. In this area, Security Management plays an integral part. Security management refers to the identification of the major assets of a company and the development of security policies and procedures for the protection of those assets (Sennewald and Baillie 2015). In this context, it is the responsibility of companies to implement the security management policies and procedures properly. This study attempts to address the security management related issues in the organization called SoftSolutions. The different steps of this report show the benefits of having a formal security management policy in the organization, which helps to solve the security related issues of the company.
From the provided case study, it can be seen that SoftSolutions is planning to adopt formal security management policies for the IT operations of its business. These formal security management policies will have major positive impacts on the values and IT governance of the company. With the help of these formal policies, SoftSolutions will be able to get access to the latest technologies for its business operations. As the company’s mission is to provide its customers with a better technological experience, these policies will be largely helpful for the company (Dotcenko, Vladyko and Letenko 2014). Another important aspect is IT governance. As the majority of the tasks of SoftSolutions are carried out using the internet and computers, proper security is needed to minimize the risks of hacking, sudden system failure and others. With the help of effective security policies, SoftSolutions will be able to develop effective risk management and risk contingency policies that will make SoftSolutions less exposed to the above-mentioned IT governance threats. For these reasons, these policies are a good fit for the company (Von Solms and Van Niekerk 2013).
Threats Managed by the Security Management Formal Plan
Some of the major threats that the formal plan will manage are as follows:
Disaster Recovery: Organizational data can be lost when a natural disaster or any other kind of disaster strikes. The security management formal plan will be largely helpful in getting back to normal operations after such a disaster strikes (Peltier 2013).
Intentional Threats: These types of threats are carried out by insiders of the company or by outsiders in various forms, such as spreading viruses, intentional mistakes and others. The formal plan will help to manage this type of risk.
Protection of Information: Various kinds of crucial information can be seen in the organizations. The security management formal plan will manage the protection of organizational information and the sources of information like hardware, software, data files and others (Kayworth and Whitten 2012).
Unintentional Threats: Some security threats are caused unintentionally by people within the organization, such as wrong data entry and others. The formal system will be responsible for the management of these unintentional threats (Aljawarneh 2012).
Security Task Force: The formal plan will protect those people who will be directly affected by security threats like employees, management, networks, customers and others.
Legal and Statutory Requirements for Formal Security Management Plan
The design, implementation, operation and management of formal security policies are subject to legal and statutory requirements. It is necessary to comply with all the legal and statutory requirements in order to avoid any breach of law, regulation and contractual agreements of the security formal plan. Some of the major components of legal and statutory requirements are statewide agency policies, regulations, contractual agreements, intellectual property rights, protection and privacy policies, copyrights and others (Crossler et al. 2013).
By complying with legal and statutory requirements, SoftSolutions will be able to derive some major benefits for its business. First, compliance with legal and statutory requirements will help SoftSolutions avoid major criminal charges. Second, this compliance will help SoftSolutions to build a positive reputation for the company in the market. Otherwise, the general public may lose their trust in the company. Third, this particular aspect will be helpful in increasing the productivity of SoftSolutions. These are the major benefits (Soomro, Shah and Ahmed 2016).
When developing the security policies, the security management manager needs to follow some specific steps. SoftSolutions is no exception. The methodology is described below:
Risk Identification: The first step is to identify the security risks of the company. For this purpose, the security management manager of SoftSolutions needs to monitor the business operations of the company (Griggs et al. 2013).
Legal Compliance: When developing the security policy, the company is required to comply with all the legal and statutory requirements. This reduces the possibility of a security breach (Hu et al. 2012).
Security Level = Risk Level: The security level must be equivalent to the risk level of the company. An excessive security level can hamper the operations of the company.
Staff Inclusion: The next step is to include the staff of SoftSolutions in the security policy. This process will let the staff know about the various aspects of the security policy.
Training: This is one of the most useful phases of the development of the security policy. It is necessary to provide proper training to the employees for the smooth running of the security system (Siponen, Mahmood and Pahnila 2014).
Get It in Writing: In this step, it is required to make sure that all the employees of the company have read, signed and understood the security policy. This is required for the success of the security policy.
Installation of Tools: This is the last step, where all the required tools and machinery are installed for the security system.
The reasons to have a security policy are discussed below:
To Address Threats: As per the earlier part of the report, some major IT security threats can be seen in the companies. The development and implementation of security policies help to address these threats in the companies (Desch 2012).
To Engage Employees: The development and implementation of security policies play a huge role in engaging the employees in the achievement of organizational goals and objectives. The employees of the company are responsible for the smooth running of the security system of the company.
To Get Directions: The IT security system provides the people in the organization with a roadmap of what needs to be done and when it needs to be done. For example, this system dictates how to access the organizational data and information. The security system makes it easier for people in the organization to get access to the organizational information and makes it tough for outsiders (Wall 2013).
The major benefits of risk management plan are discussed below:
Identification of Major Risks: Some major risks cannot be seen with the naked eye. A comprehensive risk management program provides the organization with a deep understanding of the major risks of the company (Hubicki 2014).
Support to the Board Members: With the help of a risk management plan, the board of directors can gain knowledge about major risks, which helps them to take the necessary actions to minimize them.
Protect Resources: The risk management plan of a company takes the necessary actions to mitigate the business risks. This process helps the organization to protect its resources in an effective way (Hubicki 2014).
Steps to Develop Security and Risk Management Policies
Insight into Regulatory Issues: An effective risk management plan provides the company with a view of the major regulatory issues it faces. Thus, the company becomes able to make contingency plans.
As per the provided case study, it can be seen that SoftSolutions is planning to bring 20 employees from TransACT to SoftSolutions. The Risk Management Plan regarding this process is shown below:
Risk Identification: In the process of bringing the employees to SoftSolutions, there may be a Training Risk for the new employees. Another risk is the Compliance Risk, as all the 20 employees need to comply with the legal regulations of the company. The next risk is the Protection of Information Risk. Some of the new employees may cause damage to the security system and information of the company. These are the major risks.
Risk Analysis: Looking at the nature of the above-mentioned risks, it can be observed that all the risks are of utmost importance as all of them can cause severe damage to the business operations of SoftSolutions (Poolsappasit, Dewri and Ray 2012).
Risk Evaluation: Based on the evaluation of these risks, it can be said that all of them can reduce the efficiency of the company. As a result, there can be a major decrease in the productivity, revenue and profitability of the company.
Action: It is required to arrange a proper induction and training program for the new employees to reduce the training risk. In the case of the compliance risk, it is necessary to carry out verification and the necessary documentation of all the employees along with their compliance with legal and statutory regulations. In the case of security and information risks, SoftSolutions is required to set up an effective security system to mitigate this particular risk (Pritchard and PMP 2014).
Monitoring: There needs to be a separate team of 2 to 3 people that will be responsible for monitoring the risk management plan of SoftSolutions. In case of any issues in this plan, they will report to the senior authority of SoftSolutions.
| Particular | Amount ($) |
| --- | --- |
| Total Cost | |
| Training Cost | 10,000 |
| Verification and Documentation Cost | 3,000 |
| Compliance Cost | 7,000 |
| Security System Cost | 50,000 |
| TOTAL | 70,000 |
| Total Benefits | |
| Income from Creating Websites | 30,000 |
| Income from Setting up of Database | 50,000 |
| Income from Developing Office Tasks | 40,000 |
| TOTAL | 120,000 |
| Cost Benefit Ratio (Total Benefits/Total Costs) | 1.71 |
From the above calculation, it can be seen that the total Cost Benefit Ratio for SoftSolutions from the risk management plan is 1.71. It implies that the new risk management plan will increase the productivity of the company by minimizing the above-mentioned risks. Thus, it is recommended that SoftSolutions should adopt this Risk Management Plan.
A contingency plan refers to a course of action that helps an organization take quick action when an unexpected event happens. For the development of a contingency plan, SoftSolutions needs to take certain steps (Sittig, Gonzalez and Singh 2014). First, the company is required to develop the contingency planning policy statement, which will include the necessary guidelines for contingency planning. Second, SoftSolutions needs to conduct a Business Impact Analysis (BIA) to prioritize the information systems required. In the third step, it is required to identify the preventive controls for the contingency plan. The fourth step includes the development of contingency strategies for the contingency plan. In the fifth stage, it is required to develop the information system contingency plan for SoftSolutions. In the last step, it is required to ensure the proper maintenance of the contingency plan.
Importance of Having a Security Policy
Security Management brings some major benefits to business organizations. Some of the major benefits are discussed below:
- In the presence of security management, organizational managers are able to take informed decisions regarding the potential information technology threats and risks of the company. In addition, they become able to comply with the legal and statutory regulations of information technology (Behl and Behl 2012).
- Effective security management acts as a defensive mechanism to any advanced persistent threats in order to diminish the effects of any external threats.
- Advanced security management helps organizations in the development of a sound risk management plan for their IT systems. This is a major benefit for the companies.
- With the help of security management, the business managers are able to delegate the responsibilities among all the employees (Hashizume et al. 2013).
- Business organizations are able to improve their credibility with the help of a sound security management system. In addition, the employees become aware of the major security issues of the company.
Conclusion
From the whole analysis, it can be concluded that Security Management is one of the major aspects of today’s business organizations. The main reason is the presence of threats and risks to the security systems of companies, which include recovery threats, unintentional threats and others. For this reason, business organizations are required to have a formal plan for security management. In this process, the companies need to take care that their security policies comply with legal and statutory regulations. In addition, the companies are also required to develop a sound risk management plan based on the analysis of cost and benefit. However, in this process the importance of having a contingency plan cannot be ignored. Thus, overall, it can be said that security management has many benefits for companies.
References
Aljawarneh, S., 2012. Cloud security engineering: Avoiding security threats the right way. Cloud Comput. Adv. Des. Implementation, Technol., p.147.
Behl, A. and Behl, K., 2012, October. An analysis of cloud computing security issues. In Information and Communication Technologies (WICT), 2012 World Congress on (pp. 109-114). IEEE.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Desch, M.C., 2012. Culture clash: assessing the importance of ideas in security studies. Culture, 23(1).
Dotcenko, S., Vladyko, A. and Letenko, I., 2014, February. A fuzzy logic-based information security management for software-defined networks. In Advanced Communication Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Griggs, D., Stafford-Smith, M., Gaffney, O., Rockström, J., Öhman, M.C., Shyamsundar, P., Steffen, W., Glaser, G., Kanie, N. and Noble, I., 2013. Policy: Sustainable development goals for people and planet. Nature, 495(7441), pp.305-307.
Hashizume, K., Rosado, D.G., Fernández-Medina, E. and Fernandez, E.B., 2013. An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), p.5.
Hu, Q., Dinev, T., Hart, P. and Cooke, D., 2012. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), pp.615-660.
Hubicki, M., 2014. Risk Management Plan.
Kayworth, T. and Whitten, D., 2012. Effective information security requires a balance of social and technology factors.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Poolsappasit, N., Dewri, R. and Ray, I., 2012. Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), pp.61-74.
Pritchard, C.L. and PMP, P.R., 2014. Risk management: concepts and guidance. CRC Press.
Sennewald, C.A. and Baillie, C., 2015. Effective security management. Butterworth-Heinemann.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Sittig, D.F., Gonzalez, D. and Singh, H., 2014. Contingency planning for electronic health record-based care continuity: a survey of recommended practices. International Journal of Medical Informatics, 83(11), pp.797-804.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Wall, D.S., 2013. Enemies within: Redefining the insider threat in organizational security policy. Security Journal, 26(2), pp.107-124.
My Assignment Help. (2021). Benefits Of Formal Security Management Plan For SoftSolutions Essay. Retrieved from https://myassignmenthelp.com/free-samples/bit309-security-management/risk-management.html.