211173061 MSC767 Business Security Management

Business Security Management Report
by: Bina Kartika Candra
Student's ID Number: 211173061
Word count: 4008
MSC767 Business Security Management
Date of submission: 16th January, 2011
Table of Contents

Executive summary
1. Chief Information Security Officer
   A. Advantage and Disadvantage
2. Social Engineering threat against company
   A. Policies and procedures
   B. Case Studies
3. Outsourcing IT Security to Securities Service Provider (SSP)
   A. Advantage and Disadvantage
   B. Case Studies
4. Updating Security Policies
   A. Steps in updating security policy
5. Conclusion
References

Executive summary

Information is the primary commodity in commerce. Each time a transaction is done, the business generates data, including transaction data, credit card information or customer data, which can be worth millions to some companies. As technology advances and business processes become more complex, a company wants to protect its data to ensure its confidentiality and integrity while keeping it available to the people who need it.

This report discusses the main issues in business security management to help companies or CEOs make various decisions on designing and implementing their IT security policies. It gives value to companies in 4 ways: by discussing the advantages and disadvantages of a CISO in a company, by explaining the social engineering threat and giving steps to counter it, by discussing the outsourcing of company security, and by giving steps for designing and updating a company's security policies as part of the defence against modern security threats.

1. Chief Information Security Officer

Dumnonia want to restructure its management structure and implement a new Chief Information Security Officer (CISO) position. Discuss the advantages and disadvantages in creating new security positions (e.g. CISO) and the impact upon the operational aspects of the organisation;

A. Advantage and Disadvantage

The CISO, or Chief Information Security Officer, is the person responsible for IT security in an organization. The CISO differs from the CSO because the CISO is only responsible for IT security, whereas the CSO is responsible for physical security, risk management and business continuity.
(Slater, Derek 2011) describes some responsibilities of the CISO as follows:

- Act as the lead operational risk manager responsible for enterprise IT security, to increase the value of the enterprise.
- Lead the network security managers or teams who are responsible for the company's assets, intellectual property and infrastructure.
- Set goals for IT security protection in accordance with the corporate strategic plan.
- Manage the development, including update and implementation, of global security policy, standards, guidelines and procedures to ensure the IT security of the enterprise. In some companies the CISO is also responsible for the physical security of the company, such as asset protection, workplace surveillance and protection, access control systems, etc.
- Manage the enterprise's incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
- Work with security consultants as appropriate for independent security audits.

The advantages in employing a new Chief Security Officer are:

- Reducing IT and compliance risk
The CISO noted that reducing IT and compliance risk is viewed as a business objective, and to complete this objective the CISO will manage and implement global security policies, including their standards, guidelines and procedures. As a result, organizations that have a CISO in their ranks will use these policies and targets for minimum acceptable downtime and maximum acceptable risk. Procedures and controls are nearly fully automated, and problems or IT risks are usually reported daily or weekly.

- Reducing financial loss from IT failures and disruptions
After the policies are implemented, every action involved in IT practices in the organization will be as efficient and effective as possible. Important customer data is secured and backed up, and maintenance will be nearly automated.
This will keep downtime from IT failures to a minimum, so the business transactions done by the company run more smoothly and financial loss can be avoided.

Even though the role of Chief Information Security Officer (CISO) has many advantages, it also has some disadvantages, which usually occur in small to medium companies that are implementing the role of CISO for the first time.