The management of Information Security Risks and to implement various methodologies to mitigate the security risks is a growing challenge in the filed of Information technology. The battle is on for finding out the efficient ways and design methodologies that can analyze the security risks and implement the appropriate mitigation solutions. As, every event or technique has various technologies involved that speed up the business processes there are also prone to increase risks of computer intrusion, fraud, disruption and many more.
A successful organization not only relies on finding innovative solutions or products but also on the effective implementation of those solutions. Here, technology plays a major role as these technological developments can make the implementations simpler, providing a wide range of choice. But the question arises so as to which is the right choice This can only be answered by thorough research on the cost, stability and reliability of the technology to be used (WALSHAM, 1993). The Information System of the firm should be able to process this task by taking the external (technology functionality) and internal (business environment) entities into account. Thus, the understanding and integration of technological innovations plays a key role in the modeling of any Information System to support the business goals and strategies. ...
The organization has to analyze all the possibilities and provide the solution that is technological stable and cost-effective, to implement, maintain and modify in future.
Security Management and Responsibilities
Each Line Department of the company, with its own computing facilities will appoint a senior member of the staff as Data Owner. Those systems which are operated throughout the company should also have a designated Data Owner. Data Owners across the company will be advised by the Head of ead HeadInformation Compliance and Policy. With the existing systems, advice is available to help data owners meet their responsibility in complying with the Information Security Policy.
All systems must comply with the main IT strategy developed for the company by the IT team. Mark Walker, a senior systems analyst, states that an IT strategy is the single most crucial factor for the success of an organization dependent on IT for its operations (Walker, 2000). All system developments must include security issues in their consideration of new developments, seeking guidance from the Head of Information Technology.
The management plays the most important part in building a successful IT infrastructure (Royce, 1998). Management's responsibility goes beyond the basics of support. They are the ones responsible for setting the tone for the entire security program.
Generating awareness is the most important activity of the management. The management must instruct the staff of their security responsibilities. Managers should determine the authority of individuals with respect to access to specific information systems. The level of access to specific systems should be