Developing the Corporate Strategy for Information Security: [Essay Example], 895 words GradesFixer
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Developing the Corporate Strategy for Information Security


Within this writing assignment, I will be discussing the specific responsibilities and functions of the Chief Information Security Officer (CISO). I will identify four functions of the Chief Information Officer (CIO), classify two security assurances, and propose methods or technologies which will be used to verify security functions. I will also identify how digital forensics affects security within the company, assess the duties of digital forensic personnel, and describe the digital forensics process and how it affects investigations. Finally, I will discuss some of the technical resources available to digital forensics personnel and how they are used to conduct audits and investigations.

A Chief Information Security Officer (CISO) is one of the senior executives whose primary responsibility is to convert complicated business matters into effective information security constraints. The three crucial elements of security are called the CIA triad: confidentiality, integrity, and availability. The CIA triad is intended to guide policies for information security. Confidentiality takes into account what a company needs to do to ensure sensitive data and information stays private; integrity is focused on the life cycle of the data and ensuring that it is always accurate; availability means that your hardware and software systems have constant uptime and that everything is maintained properly (Stevens, 2016). The CISO is considered a leader and problem solver. The CISO is involved in all 3 sections of the triad and is responsible for creating the information security program. Here are a few of the roles and responsibilities of the CISO:

  1. RISK & COMPLIANCE – The CISO tends to focus on how information security affects legal requirements and on ensuring the company complies with the policies. An example is finding out if the company is in compliance with SDLC or PCI. The CISO can rewrite or adjust the policies if the rules or compliance requirements change. The CISO creates monitoring programs to make sure the policies that are in place are functioning properly.
  2. TECHNICAL OPERATIONS – The CISO of any organization will be regularly involved in running vulnerability scans, penetration tests, and web application security assessments, among other technical operations (Stevens, 2016). The CISO must ensure all of the software and hardware configurations comply with the company’s standards and regulatory standards.
  3. INTERNAL & VENDOR COMMUNICATION – The CISO acts as the liaison between the different departments within the company and the vendors. The CISO must have good relationships, communication skills, and visibility because they have to interact with the vendors and with team members from each department. A CISO should be checking on their team members to address any issues. It is also the responsibility of the CISO to report any cybersecurity issues to the board of directors.

The CISO has three specific functions, which are executed within the organization as follows:

  1. Protect, Shield, Defend, and Prevent – this is to make sure that all team members protect against and prevent the occurrence and recurrence of cybersecurity incidents or threats.
  2. Monitor, Detect, and Hunt – this ensures that team members recognize, track down, and report any suspicious or unapproved events as quickly as possible.
  3. Respond, Recover, and Sustain – when a security incident occurs, the team must reduce its effect, guarantee the results are conveyed quickly, and return to normal operations as quickly as possible. Resources incorporate advancements, data, individuals, offices, and supply chains (Mehravari, 2016).

The CISO oversees the assessments and evaluations of the security strategies to ensure everything is consistent with security requirements. For the CISO of a small company to guarantee viability, the CISO must examine the administrative, operational, and technical security controls. The CISO is a recognized role title at the organization level; however, the above obligations might be completely performed under an alternate title at the project, sub-office, or component level (DHS, 2015).

The Chief Information Officer (CIO) is a senior executive who is responsible for the information technology and computer systems in keeping with the company’s objectives. Per the article “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT,” the CISO is responsible for a number of functions. Here are some of the functions of the CIO using the EBK as a guide:

  • Oversee: Establish and manage a hazard-based enterprise data security procedure that addresses appropriate benchmarks, systems, orders, approaches, controls, and laws (Smith, 2011).
  • Configuration: Specify risk to data security and ensure it is consistent with the program control.
  • Execute: Observe and assess whether data security has consistent practices.
  • Assess: Assess the viability of big business consistency program controls against the material laws, directions, models, strategies, and methodology (NIST, 2007).

Two of the main security assurances can be attained by the CIO if he implements a proper security training, awareness, and educational program:

  • Personal Security: The CIO oversees training for personnel to help make them aware of individual safety. For example, this training would protect personal data and documentation as long as employees have the knowledge and understanding of the company’s security measures, policies, and practices and use them as guidelines to stay in line with the company’s security program. This ensures that all training is completed and understood by everyone working for the company.
  • Environmental and Physical Security: The CIO ensures or certifies that physical safety is in practice through secure physical admittance measures or controls such as biometrics, and that BYOD kinds of devices are used in the corporate system in a way that safeguards the business networks (NIST, 2007).

GradesFixer. (2019, February 11). Developing the Corporate Strategy for Information Security. Retrieved October 20, 2019, from https://gradesfixer.com/free-essay-examples/developing-the-corporate-strategy-for-information-security/