Definition of Security Management
The set of functions (a) that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and (b) that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.
Security Management
Ways To Become An Effective Information Security Professional - From A GIAC Wannabe Perspectives
This paper will examine the requirements to become an effective Information Security Officer. At the end of this paper, one will realize that achieving Information Security proficiency and maintaining that expertise will be a daunting task. As the saying goes: "Learning is lifelong for Information Security Professionals". The motivating factor for my choosing this topic is the realization that people are the most important factor in Information Security. SANS clearly indicated: "Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job" as the #1 management error that leads to computer security vulnerability.
Pockets of Chaos: Management Theory for the Process of Computer Security
Managing Chaos is the ultimate paradox. Understanding how to balance the opposing forces of flexibility and consistency is the key to managing the ever-changing security landscape. Computer Security is a journey, not a destination. We strive to reach the goal of being secure, knowing that we will not ever succeed. The Information Security Professional is responsible for continually evaluating the security process, ensuring the best results possible with the available resources. Just as no security process is complete without user education and involvement, so too should every security staff member have a big-picture understanding of the overall goal. For society to embrace the evolutionary possibilities of the Information Revolution, we have to find a way to manage the dangers inherent in this new world order. Protect, Detect and Respond.
Mixing Technology and Business: The Roles and Responsibilities of the Chief Information Security Officer
With the rise of the Chief Information Security Officer to the executive level, organizations that previously relied on information technology department personnel for security now have an individual dedicated solely to the physical and technical aspects of security for an organization. This research paper describes the roles and responsibilities of the Chief Information Security Officer and the importance of these roles and responsibilities to public and private organizations worldwide. In addition, this paper explains return on investment, its importance, and how it relates to the Chief Information Security Officer.
Security Outsourcing
The Internet has become an integral means of doing business over the past few years, making information one of the most valuable assets companies possess. As a result, companies are now forced to find ways to secure that asset. There are three ways to accomplish the security of the company's assets. The company can perform all tasks in-house; hire an outside company or companies to perform all security-related tasks, which is outsourcing; or use some combination of the two. The primary focus of this paper is outsourcing security services, and therefore most of the discussion will reflect that, though some mention of the other two options will be put forth. Outsourcing can be simply defined as an arrangement in which one company provides services for another company. These services are ones which typically could be handled in-house, but which are for various reasons turned over to another company or companies.
Why MSS?
Managed Security Services is still in its growing stages at this time and there are only a handful of companies offering this expertise. Aventail, Counterpane Internet Security, Fishnet Security, Guardent, ISS (Internet Security Systems), NetSec, Riptech, and TruSecure offer this service. According to Infonetics Research, Western European security products, managed security providers, and PKI products and service expenditures will grow 413 percent, from $1.5 billion to $7.7 billion, between 2001 and 2005. The report comes directly from Infonetics Research, is entitled "User Plans for Security Products and Services, Europe 2001", and states that estimated expenditure on all products and services will grow 328 percent, from $5.3 billion to $22.7 billion. That being said, MSS needs to be re-considered and re-evaluated by all companies online, so the cliché "pay now or pay later" does become a reality and a way of doing business.
Successfully Managing Cyber Security
Managing a cyber security program involves physically protecting your company's investment in computer hardware, ensuring system availability, verifying information integrity, and securing confidential information. Implementing a comprehensive, verifiable program is challenging. A new Computer Security Manager should address priorities in order: learn the basics; implement policies and plans through effective management; and work diligently to publicize security practices throughout the organization.
Web Services Security - An Overview
Many information technology visionaries say that the Internet is primed for the next phase of its evolution. The first phase, the physical infrastructure build-out, has been completed, and it is now time to make use of the new communications and processing capacity to produce value. One strategy used to improve productivity is to increase the speed and quality of information flow. Another strategy is to make it easier for producers and consumers of information to locate each other and exchange value. One tactic that will be used to facilitate these exchanges is the adoption of a new approach to application construction known as "web services". An example of a web service is the stock price-updating feature in the Quicken personal finance software package. When the user requests a price update, the software queries servers provided by Intuit, Quicken's maker, and they return current prices for the stock symbols the user is interested in.
Extranet Access Management (EAM)
As businesses develop Internet applications, they are increasing their exposure to external security vulnerabilities from the Internet. In many companies the security of web applications is the responsibility of each application development team. Today, every new web-based application potentially brings a new and different way to manage application access. Because each application team must develop and implement its own security processes, the quality of security varies with each application development team. Often there is not a common way to monitor application development security for consistency or an effective method for administering security for heterogeneous operating systems that run the applications.
Requirements For Managing Security Information Overload
To address the Enterprise Security Information Management (ESIM) problem, a number of emerging solutions have been developed. Each of these solutions has different strengths and features. Before an enterprise adopts a particular solution, it is important to have a complete understanding of its specific requirements and priorities. This paper discusses the important criteria in developing an information management solution. These requirements can be used as a guideline for comprehensive evaluation of various solutions.
A Security Guide For Acquiring Outsourced Service
Outsourcing is not an abdication of the organization's security responsibilities to an external contracting vendor. While leveraging the economies of scale and technical expertise of the supplier, the organization needs to make sure that the outsourced IT project or service does not introduce security problems or vulnerabilities to the already-functioning internal systems, business processes and operations. This guide is an attempt to collate all security requirements relating to outsourcing, which organizations seeking outsourcing should actively look into.