Security Plan

Posted: September 6th, 2013

Security Plan

Name:

Lecturer:

Institution:

Course:

Date:

Security Plan

Part 1

In the recent past, our society has overseen a vast advancement in a vast array of technological aspects. Putting this into consideration, many organizations have looked to benefit from these breakthroughs, especially computer technology. Majority of organizations and companies conduct their business proceedings using computer technology mostly by storing information pertaining to their activities. Nevertheless, as beneficial as these technological breakthroughs may be, they also have their flaws. In this case, both companies and organizations consider security to their stored information a fundamental consideration. Security is a complicated measure to implement especially is punitive measures have been put in place to prevent threatening situations.

There have been arising problems associated with storing an organization’s information in a computer and thus providing security to this kind of information is deemed important by many parties. This measure involves making organization’s information readily available to the relevant users at any given time. However, regarding this issue, sufficient debate has surfaced regarding whether security should be considered a management rather than technological issue. Regarding this issue, this paper attempts certify that security is indeed management issue.   Notwithstanding, a company can ensure its confidential information remains intact and free from intruders by implementing an adequate security system.

In accordance with Miessler, (2007), security is a primarily a management issue rather than technological issue. The reason behind this school of thought maintains that funds are required to oversee the complete execution of the security measure to ensure the safe storage of information. Since budgeting is a management and not technical issue, then security is a management issue. It is prudent to understand that the corporate world requires provision for authorization of certain responsibilities by respective parties (2007). Security is a sensitive aspect and confidential and essential information regarding a given company may leak to the wrong parties if not properly maintained.

The above point shows that an aspect of management has to exist in an incentive of ensuring proper safeguarding and storage of information, and releasing it to qualified parties (Miessler, 2007). Furthermore, the management issue is also implemented in the aspect of budgeting. This measure ensures that the correct amounts of funds are forwarded to the intended activities. Putting this into consideration, certain departments in an organization will always require more funds to run compared to others. In addition, if information regarding the organization is to be properly safeguarded, there will be need to hire staff who will ensure that this practice is executed. This shows that money is further required to orchestrate this measure. This is further proof that security is a management issue rather than a technological issue (2007).

Part 2

• If I were appointed as the Information Technology Director of a small firm, I would first look to customize the plan in a format that meets the intended objectives.
• This would involve identifying all the threats facing the information regarding the firm.
• Secondly, I would look to include a detailed overview that analyzes and prioritizes the threats mentioned above.
• I would also include plan strategies and plans aimed at reducing the possibility of those threats occurring. In turn, I would formulate contingency plans to counter those threats in case they occurred (Gerbec, 2009).
• The security plan would be divided into several organized sections. This section include an introductory section, the aspects of security in the firm section, security requirements section, security risk assessment section, actions to take section, and a maintenance section.
• Beyond the security plan itself, I would look to include an auditing provision that gives an assurance on the execution of the activities stipulated in the plan (Gerbec, 2009).

Reference

Gerbec, M. (2009). Drawing up and running a security plan in an IT type company. Safety, Reliability and Risk Analysis: Theory, Methods and Applications, 2, 1473-1479.

Miessler, D. (2007). Security as a Management Issue. Why organizations should consider organization issue to products, 16- 95