SECURITY MANAGEMENT

Security Management and Practices

Abstract

With all corporate organizations utilizing corporate computing policies in their workplace, security becomes of vital importance, especially with human resource handling sensitive information of varying levels. Security management plays a valuable part for such organizations, via the collection, monitoring and analyzing data from the computer system logs. These logs may be from many sources, such as antivirus software's, fire walls, routers and switches. Security management also has several practices to ensure safety of employers, such as Risk Assessment Management, installation of policies, procedures and guidelines, and data classification programs. Business Continuity Planning is also utilized by corporate organizations that are faced with disruptions of their daily security systems or data related disasters. Risk prevention and assessment is part of this and is of such importance that organizations depend entirely on their predictions of possible losses and crisis management.

Contents

Introduction4

Change control and management5

Data Classification5

Policies, Standards, Guidelines and Procedures6

Information Security Management6

Risk Management7

Personal terminal security, training and awareness7

Business Continuity Planning8

Conclusion9

Reference11

Security Management Practices

Introduction

Security management is described as a field that deals with asset management. It is also broken down into physical security as well as human resource safety and security functions. For high profile management organizations, identification of information assets and development is also considered a part of security management. Implementation of policies and standards/procedures are also monitored, as well as guidelines provided to users for future reference. Security management practices include services for the public and private domains. These services could be:

1. Data classification

2. Policies, procedures, standards and guidelines

3. Risk assessment management

4. Personal terminal security, training and awareness.

The information security field of security management adds in the identification of information data assets, as well as the development of policies and procedures. This leads to practices of risk management and classification of data. Confidentiality and integrity of information is also dealt with in security management through swift identification of threats. With security management and its incorporated security control management, effective implementation is applied on the organizations assets, reducing their vulnerabilities from the external environment.

Change control and management

Change control and management security is an issue that is raised with security management. As integrity and reliability are both qualities that businesses swear by to their customers, they want to know that their security models are failsafe. However, modifying systems break warranty; hence change control management and security administrator is needed for the client who does not understand the security implications their request may have on the system. The tools commonly used by security administrators for this particular practice are mostly checksums, digital signatures and tripwires. If efficiently installed, the change control can expose meager faults like policy violations, to major causes of data corruption and hardware failure. Prompt implementation of security patches on programs and efficient future policies to ascertain stability of production may also be of assistance in the long run.

Data Classification

Data Classification is an access control model built to secure and control sensitive and vital data regarding organizations. It uses a process to review a company's business data ...