Introduction to security and personnel, Computer Network Security

INTRODUCTION TO SECURITY AND PERSONNEL

When implementing information security, there are several human resource issues that should be addressed. They are:

•    Positioning and naming
•    Staffing
•    Evaluating the impact of information security across the roles in the IT function
•    Integrating solid information security concepts into personnel practices

Employees feel threatened when an organization is creating or enhancing its overall information security program.

 Positioning and Staffing the Security Function

The security function can be placed within the following:

- IT function
- Administrative services function
- Insurance and risk management function
- Physical security function
- Legal department

Organizations balance the requirements of enforcement with the requirement for education, training, awareness, and customer service.

Staffing the Information Security Function

Selecting personnel is based on several criteria, including supply and demand. Many professionals enter the security market by gaining experience, skills, and credentials. Presently, the information security industry is in a period of high demand.


 Credentials of Information Security Professionals

Many organizations seek recognizable certifications, yet most of the existing certifications are new and not fully understood by hiring organizations. Certifications include: TICSA; Security+; CISSP and SSCP; CISA and CISM; GIAC; SCP; IISFA’s Certified Information Forensics Investigator.

Cost of Being Certified

Better certifications can be very expensive, and even experienced professionals find it difficult to take an exam without preparation. Many candidates teach themselves through trade press books; others prefer the structure of formal training.

Advice for Information Security Professionals

Always keep in mind: business before technology. Technology offers elegant solutions for some problems, but increases difficulties for others. Never lose sight of the target: protection. Be heard and not seen. Be more skillful than you let on; know more than you say. Speak to users, not at them. Know that education can never be completed.


 Separation of Duties and Collusion

Separation of duties – a control used to reduce the chance of an individual violating information security; it stipulates that completion of a significant task requires at least two people. The figure given below depicts how to prevent collusion.

Collusion – dishonest workers conspiring to commit an unauthorized task.

Two-man control – two individuals review and approve each other's work before the task is categorized as finished.

Job rotation – employees know each other's job skills.

 

 

[Figure: 2353_INTRODUCTION TO SECURITY AND PERSONNEL.png]

Posted Date: 10/9/2012 2:54:32 AM | Location : United States






