Cloud Security Risk Management

Added on 2020/05/11

AI Summary
This assignment investigates the complexities of cloud security risk management. It requires students to analyze various aspects of securing cloud computing environments, including risk identification, assessment methodologies, and appropriate control measures. The analysis draws upon a range of academic sources to provide a comprehensive understanding of the subject.
Running Head: Security Management
Investigation, Report, Policy Document
Security Management System
Table of Contents
Introduction to the Security Management
Principles of the Security Management
Methodologies of the Private Cloud Provider
Design
Implementation
Security Issues
Security Risks and Mitigation Techniques
Legal Considerations, Standards, ethical considerations
Potential Benefits of the proposed Security Management for all Stakeholders
Applications of the current Security Principles and Current methodologies
Security Tools Applied in the Mitigation Techniques
Mitigation Techniques
Strategies used for mitigating the risks of the company
Security Policies
Human Factors, laws and Regulations for the Best Practice
Coherent in the Security Management Application
Conclusion
References
Introduction to the Security Management
Managing the organisation's security is a core responsibility of its senior authority. Organisational data and information must be protected through proper risk assessment, and the purpose of the strategic goals and main objectives is to keep the management secure from any vulnerable activities. The organisation generally invests in tools and personnel so that business operations meet the identified security needs. A well-designed company structure needs proper roles and responsibilities for well-designed tasks, as well as proper mechanisms for reviewing and measuring performance. Safety is not an end in itself for any organisation; security has to be balanced against sustainable access. Safety and security management are increasingly treated as one element of the organisation's overall risk management, which mainly involves financial accounting, legal risks and information security (Annan et al., 2012). The relationship between risk and security is mostly similar to the linguistic turn, and it offers a way to address responsibilities in the organisation in a systematic manner. The work of security is generally faced by the workers in the company. Security management also introduces critical documents such as policies, procedures and guidelines. These spell out how the organisation manages its security practices and deals with its essential resources. Security management mainly helps to assess the risks, analyse the threats to the resources and determine where protective mechanisms should be placed. Employees should be trained in security so that they have an appropriate idea of how to practise it in the workplace (Bulgurcu, Cavusoglu & Benbasat, 2010). The employee's main objective is to ensure the confidentiality, integrity and availability of resources, assets and information.
Principles of the Security Management
Principles provide a specific terminology across the field of organisation management. Each principle has its own language, which is closely related to the organisation's needs. The principles have a limited scope and complexity so that a wider business population can apply the business concepts in the organisation. The basic principles are still the same today and have not changed. They are implemented in certain areas of the organisation, and various principles and guidelines are used. The principles are based on one main theory, which is divided into several parts (Chen et al., 2013).
1. Confidentiality- This is another word for the privacy of user data. Parameters are set in place to ensure the confidentiality of sensitive user content and to keep this information from reaching the wrong hands. Access to this information must be restricted and given only to limited users. The data can be categorized according to its sensitivity so that it does not fall into unwanted hands that may misuse it. Safeguarding this data involves special skills training in categorizing data and in access to data by authorized users.
2. Integrity- This means safeguarding the assets along with their accuracy and completeness. Integrity of information means that the information collected must be useful as well as complete and accurate. It is maintained by ensuring that only certain authorized users can access the information and that it is altered and updated only by certain users. Integrity of information can be maintained by updating the security patches of the server on which the information is stored and by allowing only authorized personnel to alter or delete this information when needed (Coffee, Sale & Henderson, 2015).
3. Availability- Availability means that information can be accessed remotely from anywhere when demanded. When an enterprise's information is required it must be accessible quickly, but sometimes it is not available when needed, or irrelevant data is provided. Relevant hardware is used so that information assurance professionals can access the information. In older times information was secured and locked up and could not always be accessed by authorized users when required. It is an important truth that security is compromised when accessibility comes into place, so it is important to balance these two aspects in information technology.
Methodologies of the Private Cloud Provider
A system and method are used for private cloud computing and for developing and deploying the various applications used in implementing the methodologies in the organisation. It provides storage capacity and the capability to store and process data in data centers. The company uses the cloud platform to store its different files and data. Security issues are mainly raised by customers with regard to their data and information.
There are various phases in implementing the methodologies for the security strategies and the cloud services. Security policies and controls are implemented in several sections, which helps to minimize the threats and risks to the cloud data services where the data is saved. They apply to all forms and types of attack on the database, and are based on detecting the various types of threats, attacks and vulnerabilities in the database (Coronel & Morris, 2016).
The following steps are used to implement the security strategies for the cloud services.
1. Predict attacks and assess risks in order to protect the database stored in the cloud services.
2. Know each type of threat that intrudes on the database.
3. Apply the methodologies, techniques and tools used for detecting threats in the database and in the system.
4. Apply proactive strategies, which are a predefined set of steps taken to prevent attacks before they damage the data in the database files and the systems.
5. Determine the vulnerabilities and threats that the attacks exploit; current policies and controls are then altered to minimize the threats.
6. Design a contingency plan, which provides an alternative plan in case attacks penetrate the system, the data security or any other assets. This plan mainly helps in restoring the databases in a timely manner (De Lange, Von Solms & Gerber, 2016).
Design
Designing the management system includes identifying the business requirements and assessing the likelihood and impact of the business risks. It generally includes designing and implementing the security policy and selecting adequate countermeasures for existing risks. The design of the security requirements generally covers the basic safety standards and procedures, the processing of the systems and the transfer of information associated with the IT system, such as managing operations and the technical area. The organisation needs a proper design for its security management system in order to assess the risks in the management. The main aim of the design is to secure the networks and manage the risks as effectively as possible, rather than to eliminate the threats to the security administration. A security management system should have logging, monitoring and watching capabilities. The design centrally presents relevant data about the state of the network. Various design approaches are used to resolve the problems that arise (Haddow, Bullock & Coppola, 2017). These approaches raise technological, time-related and economic concerns.
Outside Expertise- Security managers are sometimes disinclined to bring in outside security to maintain the organisational behaviour of the company and prevent unwanted activities. So they use experts to provide specific expertise or to render an external opinion.
Prioritization- Vulnerability and threat prioritization services compare outside Internet risk and exploit files with user susceptibility in order to monitor the data and to measure and order liability remediation across the company. The results include risk visualizations presented within dedicated business intelligence and the control panel, and can be consolidated with other data. The vulnerability risk prioritization service is accessed through our Client Portal.
Internal Compliance- This can be defined as the process by which an organisation ensures that the appropriate internal requirements, such as legislation, rules, guidelines, standards, codes, policies, procedures and controls, are complied with (Harrer & Wald, 2016).
Implementation
It is essential to implement the design for the security management of the organisation successfully. This is simple, since it is facilitated by various tools.
Figure 1 Successful Implementation of the Security Management in the Organisation
(Sourced By: https://www.google.co.in/search?biw=1366&bih=662&tbm=isch&sa=1&q=implementation+of+the+security+in+organsation&oq=implementation+of+the+security+in+organsation&gs_l=psy-ab.3...88446.101138.0.101538.35.30.5.0.0.0.180.3377.0j28.28.0....0...1.1.64.psy-ab..2.7.828...0j0i24k1.0.I8JdOryvfzg#imgrc=YZsyfWY-YPxUJM:)
Security Issues
It is necessary to be aware of the importance of security in the organisation. The security manager provides and facilitates security for the building and for the employees, and financial security is the main priority in the organisation. Moreover, an organisation comprises many resources and assets that require security, which mainly depends on its IT infrastructure. The company's management and infrastructure are the lifeline of the employees, whose main aim is to provide products to customers and make a profit for the company. It is important to recognise the IT infrastructure as the main resource and asset of the company, which requires it to lead in security (Humphreys, 2007). The various risks raised in the organisation are:
1. Spam- This is unsolicited junk mail which is always sent in bulk, and is even sent for commercial purposes. It is sent by networks of spammers who use virus-infected systems, and it is complicated to track such spammers. According to statistics, 80% of total mail is spam. To prevent such mail from harming your device, never click on links in unsolicited spam mail and never download files from spam-looking mail.
2. Viruses- A virus is malicious code that replicates itself by copying itself into other software, and it breaches security; it basically attacks the boot sector of the computer. It is spread, willingly or unwillingly, by both software and hardware attachments of the system. Unlike some worms, it requires a trigger or human interaction to spread. It can spread through various media such as email, instant messaging and topological connections between computers. Sometimes it acts as a key logger and steals banking details by capturing the user's keystrokes. By implementing antivirus software we can protect our network and all files and folders that could otherwise easily be corrupted or lost.
3. Malware- Trojans, spyware and worms all come under the category of malware, which harms the system slowly. It can easily attack all executable files on the system, which, if connected to a network, infects the whole network of systems. Malware can be used for financial gain or to disrupt a system; all of this spyware, worms and botnets have one motive, which is to steal users' valuable information, such as bank information and credit card information, whenever a transaction is made. Online banking details are also stolen by spyware. Installing antivirus software and upgrading its security patches is the only solution to this problem.
4. Monitoring of the Networks- Monitoring the system and networks regularly is an important task for an IT manager. It is needed to work together in the organization to track its day-to-day tasks. If a server crashes, the workstations are affected and employees are unable to carry on with their work. If the networks stop working, the repercussions affect the entire company and business processes stop at the production level (Kazemi, Khajouei & Nasrabadi, 2012).
5. Scanning of the vulnerabilities and Patch Management- Scanning is necessary for detecting and resolving vulnerabilities; patch management and network assessment are security features that need to be specified and addressed when dealing with networks. Scanning the company networks for open ports and for technologies that are susceptible to infection is the initial step to security.
6. Health Hazards- These depend on the nature and environment of the place where the company's facilities are located; where a threat arises suddenly, it can be a significant security issue faced by the personnel.
7. Physical Security- This keeps the company safe from theft and mainly deals with facilitating and maintaining it to meet native, state or federal standards for the security of the company and its employees.
8. Personnel Security- This aims to protect the security of the employees, and is regularly checked and cited as the next annoying security concern.
9. Information Security- This protects the company's goods and proprietary information.
10. Other Issues- Security issues also arise from the company's performance and from the various parts of the world where the work is done. Global companies generally deal with potential threats to their foreign business travellers (Krutz & Vines, 2010).
Security Risks and Mitigation Techniques
The techniques used for mitigating risks depend heavily on the type of risk. Mitigation strategies are used to fill the gap and align the new business goals and objectives in order to overcome the risks and threats. When a security breach or threat is detected, security analysis software helps by collecting network logs and endpoint data. This enables timeline and session analysis, which sheds light on how the breach occurred and in what way the systems were affected. A company connected to the internet is at great risk, and the only way to escape is to unplug the computer from the outside world. In today's business world computers and information are the lifeblood of every system and organisation. It takes only one security breach to cause irreparable damage to your company's reputation. It is necessary to lower the risks detected in the organisation so as to protect its data files and information. A high-level mitigation strategy is developed as the overall approach to reducing the risk and reassessing the residual risks (Li Da, Xu, 2017). It mainly includes establishing the criteria by which the techniques are evaluated for detecting the threats and vulnerabilities associated with the main impacts identified in the organisation. Risk mitigation means determining the risks and planning, implementing and optimizing the measures taken to eliminate them. Reassessment covers the risks that remain after mitigation, so that further risks can be reduced if they are detected in the organisation. Several mitigation techniques are generally used for reducing risks, depending on the type of risk:
1. Risk Avoidance- The manager may have the authority not to choose or implement processes and procedures that can produce an upper level of risk or obscure the group's activity.
2. Risk Limitation- Unwanted activities can be reduced by implementing security measures and procedures, taking into account the cost and benefits of the implementation.
3. Risk Transference- Risk can be shared with different associates or transferred to protection for the companies. This action must be taken with consideration of the organizational risk behaviour.
4. Risk Assumption- Organizations have the authority to acknowledge the existence of a risk and monitor it. But this action can sometimes be dangerous for the other company, so it must be well documented for the managing team.
5. Risk Elimination- The main goal is to remove the risk, but most of the options tend to reduce the services of the organization in the market. An organization that doesn't prefer risk faces difficulty in surviving in the market (Lošonczi, Nečas & Nad, 2016).
Legal Considerations, Standards, ethical considerations
In the current scenario, new media and technologies are hitting a tipping point with regard to ethical, legal and social standards in the market. These situations arise on the basis of the personnel's moral values towards the company and the essential responsibilities to be followed in the organisation. It is important to analyse the ethical, legal and social issues affecting the company's market value. Maintaining privacy has become vital for everyone from the company's employees to its managing teams. The main aim of the company is to maintain the rules and responsibilities so as to continue its business operations, deliver the best products and services to users and access their personal data. Trust has to be maintained between the company's employees working as individuals, together with the duty of respect between two human beings in the company. This is implemented so as to make over the societal, political and informational practices of public societies globally in response to community ethics and technology (Mayer, 2009).
Potential Benefits of the proposed Security Management for all Stakeholders
The proposed security management is used to make the organisation aware of intruders and not permit them to damage the organisation. It means involving as many people as possible in the organisation: an initiative or intervention is made to involve multiple stakeholders and all members who have the potential and ability to speed up the process in the company. The benefit of the effective shareholder is that the security management has the ability to run the process in the management; project managers basically view stakeholders as a form of risk management. When expectations are met, the chances of reducing the risks affecting the organization's project become high. Stakeholders generally help to clear potential obstructions, actively support swift progress with improved quality, and deliver the ultimate results (Mell & Grance, 2011). It is necessary to identify and understand the stakeholders' interests, as they generally allow for recruiting and other purposes. The benefits of involving the shareholders are:
1. Free Resources
2. Increased preparation of the success
3. Smoother handover process
4. Safety and security
Applications of the current Security Principles and Current methodologies
Companies have essential assets and resources, which they use to maintain order and cultivate competitive advantage. The assets used in the processes must be shared with customers, business partners and employees. Care must be taken that these assets are protected from threats that cause financial losses or other harm to the company.
The main purpose of computer security is to contribute to the mission of protecting the company's resources and assets. Successful companies deploy strategies that rely on employees, operations and applications, with multiple techniques and technologies implemented to achieve the desired level of information assurance. A company is generally able to manage its risks effectively by working on the threats and reducing the vulnerabilities. It is not easy to secure the current applications until the threats are known (Merriam & Tisdell, 2015).
This helps to lower the financial consequences of a compromise. Current security technologies and concepts are implemented in the company with a focus on the current security landscape. Basic terminology is used to present the set of security principles on which the recommendations for current security are based. The company aims to improve web application security so as to avoid threats and malicious activities in the organization. Application security is becoming an increasingly important factor during application development, as applications are more frequently accessed over the organization's networks. Security management can be enhanced by identifying each application used in the company to access various assets, designing its security profile, and taking appropriate action to identify and prioritize harmful activities and document their adverse effects.
Various methods, tools and techniques are used for security testing and system testing. In today's scenario it is necessary to identify harmful activity against web applications, which needs to be avoided with the highest priority. Testing methodologies are the strategies and approaches used to test whether a particular product of the company is suitable or not. Testing is generally carried out according to the specifications of the product. The methodologies are applied according to the principles of application security to meet the specified requirements. Various applications are currently used in the company, such as Spira Test, which is used for testing cases, finding bugs and resolving issues in one environment; testing is done throughout the lifecycle to maintain the services and productivity of the company so that the organization can keep processing its business operations without harm (Nazareth & Choi, 2015).
Security Tools Applied in the Mitigation Techniques
Security threats are increasing day by day, and new security threats are arising in the organisation that can ruin it. Risk is defined as a potential harm or loss to the system; it expresses what can happen, what the consequence is and what the solution to the harm is. It is always an uncertain process that requires a lot of attention. The first and most important step is to analyse the risk and how damaging the harm produced by the risk is to the system. The analysis effectively leads to the relationships between the risk-related attributes. It makes it possible to deal effectively with threats to the assets at risk, by identifying the nature of the risk and then evaluating risk-reducing countermeasures.
Risk management involves the overall process. Initially a risk assessment is done, which identifies the assets at risk and their value, and some measures that help in preventing risks. It also involves budget-related decisions that may affect the mitigation techniques and risk transfer. Another phase of risk management covers the risk-reducing methods, which includes assigning priorities for budget implementation. This is a continuous process in which a risk is first identified and then assessed by suitable methods to prevent harm to the system and maintain its security (Pathan, 2016).
Mitigation Techniques
After identifying that vulnerability exists in website. Even the minor vulnerabilities require
the lot of attention and overemphasizing the risk is very dangerous. It may directly affect
tothe user accounts (via cookie stealing and session hijacking) it gives other users to exploit
the personal data and other unwanted dangerous effects.
Securing User Input (or sanitizing):-It is basically a 3 part process and firstly it contains the
rejection of potentially problematic characters Here user is provided with the information that
they can’t use the prohibited characters so that user not waste their precious time in guessing
that what error is occurred .Some prohibited characters are as follows:-
< which introduces a tag
> closes a tag
& this denotes a entity of character
% this is used in URL encoding
These inputs should be properly encoded to ensure sanitization. If the % symbol is used in
user input while the < character is prohibited, there is still a chance that a hacker can use
the character. The prohibited characters can still get through with a routine filter bypass,
which leads to XSS attacks and increases vulnerability. It is therefore advised that all
user-supplied data is encoded before it is used or when it is displayed. This will help in
achieving the desired effect on the system.
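As an added illustration (not part of the original report), the Python sketch below shows the first step described above, rejecting the listed characters with a message that names them, and then sets a filter that prohibits only < and > but URL-decodes afterwards beside encoding all user-supplied data when it is displayed. The function names and the sample input are constructed for this example.

```python
import html
from urllib.parse import unquote

# The prohibited characters listed in the text above.
PROHIBITED = set("<>&%")

# Constructed sample: a harmless bold tag, URL-encoded by the submitter.
SAMPLE = "%3Cb%3Ehello%3C/b%3E"


def validate_input(value):
    """Step one: reject prohibited characters and name them in the message,
    so the user does not have to guess what went wrong."""
    found = sorted(set(value) & PROHIBITED)
    if found:
        return False, "These characters are not allowed: " + " ".join(found)
    return True, ""


def weak_filter(value):
    """Weak form: prohibits only < and >, then URL-decodes the value.
    Decoding after the check brings the prohibited characters back."""
    if "<" in value or ">" in value:
        raise ValueError("tag characters are not allowed")
    return unquote(value)


def render_comment(value):
    """Hardened form: decode first, then encode all user-supplied data
    at the point where it is displayed in the page."""
    return "<p>" + html.escape(unquote(value), quote=True) + "</p>"


if __name__ == "__main__":
    print(validate_input(SAMPLE))   # rejected because of '%'
    print(weak_filter(SAMPLE))      # markup survives the filter
    print(render_comment(SAMPLE))   # markup is shown as inert text
```

The weak filter passes the sample because the check runs on the encoded form; the hardened renderer does not depend on the check having caught anything.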
The second possible mitigation technique to avoid harm from vulnerabilities is to use static
pages whenever possible. These pages are largely uninteresting and will never draw crowds to
your site, but they are immune to XSS attacks (Poolsappasit, Dewri & Ray, 2012). These pages
rarely change in terms of content and can be treated as static HTML pages.
The strategies used for mitigating the risks of the company are:
1. Reasonability - A company does not deal with every individual possible threat, in
light of the fact that not all threats are practical to oversee. Reasonability is basically
the test used to decide whether a threat can be controlled. It derives from the standard
of the sensible individual in law.
2. Balancing of Risk and Cost - The cost of managing or controlling the risks must be
weighed against the impact value of the threats. The cost is basically adjusted by the
real monetary approvals, where these are available in the organisation (Webb et al.,
2014).
3. Perceptions on Threats - All the employees in the company will understand the
threats and vulnerabilities the organisation is exposed to if risk is not managed.
One of the most difficult parts of effective threat management is achieving the proper
balance between security and ease of use.
4. Stability in Security and its Usability - This is used for maintaining suitability, and
it is one of the most testing tasks in effective threat management: achieving an
appropriate balance between system accessibility and maintaining security.
5. Risk Identification and Techniques - Every individual working in the organisation
needs to learn what kind of threat has taken place and to distinguish between the
various kinds of threats that have occurred. Most of the trouble arises when the risk is
detected. There are 3 stages:
Identification of the Malicious Activities
Performance and the Calculation Performed to the livelihood
Identification of Susceptibilities
Security Policies
Without security policies it is difficult to manage security and to control organisational
behaviour. A risk assessment is necessary in order to design good security policies and
procedures, which mainly define the company's critical assets. Security is a multi-layered
process. After the risk assessment is completed, the policies are determined on the basis of
what the risk assessment included. The assessment should be a powerful aid to policy creation
on a range of items. It basically covers the following points:
1. Passwords
2. Patch Management
3. Employee Hiring and Termination Practices
4. Backup practices and storage requirements
5. Security awareness training
6. Antivirus
7. System Setup and configuration (Zhang, 2010).
Effective security must be maintained, and it starts from the top of the organisation. The
highest authority should know what is to be protected and how it should be protected from the
risks. Their findings are set down in written documents. The policies must be researched and
verified against all the laws. Security policies are the top tier of the official security
documents. These policies generally state the organisation's assets and what level of
protection should be provided. Security policies can be written to meet advisory, informative
and regulatory needs (Spears & Barki, 2010). Each policy placed in the organisation has a
unique role or function among all the policies applied.
The various policies applied in the organisation are:
1. Regulatory Policy - It mainly ensures that the organisation follows the standards and
the set of specific industry regulations. These policies are based on the organisational
behaviour that must be implemented to meet the regulations, compliance and legal
requirements of the company. These policies are implemented in financial
institutions, public utilities, etc.
2. Advisory Policy - These policies strongly advise employees on which organisational
behaviours and activities should and should not take place in the company. These
policies are sometimes not compulsory. Failure to follow them will lead to
consequences in the form of termination or a warning for the actions made in the job.
3. Informative Policy - These policies exist simply to inform the members of the
organisation. There are no specific requirements, and the audience for this
information can be internal or can involve parties external to the organisation.
4. Standards - Standards fall under the security policies of the organisation. They are
more specific than the policies and are considered the most tactical documents. They
lay out in more detail what is necessary for the company to meet the specific
requirements (Susanto, Almunawar & Tuan, 2011). They generally play a vital role in
organisations.
5. Organisational - This is referred to as the blueprint for organisational security and
its program. It aims to provide a strategic plan for the proper implementation of the
security procedures and guidelines of the system.
6. System specific - This mainly deals with a particular individual or computer
system. It basically provides the authority for approving particular hardware and
software for the system.
7. Guidelines - A guideline can be defined as a statement or procedural policy that
identifies a specific route or course of action. It can take the form of a
recommendation or suggestion, and it is flexible and amenable to change.
8. Procedures - A procedure is the most specific type of security document. It is
characterised by a detailed, step-by-step approach to implementing the security
standards and the guidelines that support the policies (Susanto, Almunawar & Tuan,
2011).
Figure 2 Policy Structure (Source By: Author)
Human Factors, Laws and Regulations for the Best Practice
Best practices in security management are essential in order to understand and improve
error-prone activity. Humans can operate the practices at multiple levels, performing
different functions and operations according to the organisation's requirements. Best practice
is used for designing self-contained documentation. Documentation design should follow
validated guidelines and documentation design aids. Human factors provide various lists and
tools for indicating the various default lists. These mainly include explicit information on
the probable locations and likelihood of defects. The practices and factors are used to focus
on a single terminology for structures and defects. They are used for maintaining and
controlling the configuration and for ensuring that the rules and regulations are properly
maintained (Tanimoto, 2011).
Coherent in the Security Management Application
It helps in securing both the cluster members and the extended clients. It mainly helps in
securing and providing safety for both the outcomes and the integral parts of the
organisation. The company's organisational activities and operations therefore encompass a
broad field of preventive measures, from technology-oriented reactive tools to authoritarian
methods. The company offers expertise in related services such as social services, policing,
rescue services, security management etc. (Wang, 2013). It is necessary to manage security
for the complex systems in the company, to provide the necessary solutions for the gaps within
them, and to identify and focus on the technical aspects of security. Measuring the technical
aspects of security and sharing the information is the best way and the key to satisfying
solutions (Whitman & Mattord, 2013).
Conclusion
In today's scenario, companies are generally affected by risks, unwanted activities, threats,
and malicious activity such as spying within the organisation. It is necessary to overcome
these circumstances by dealing with and mitigating the threats that affect and halt the
business processes in the organisation. To keep the business and the company safe from all
dangerous activities, it is necessary to prevent and control the overall risk by following the
various policies, procedures and rules within the organisation, so as to be aware of the
threats and to overcome the problems that arise. To guard against theft in new ways, the
company must adopt the latest technologies and software tools across all business operations
so as to be aware of the risks. The company should have a proper action and contingency plan,
with strategies implemented in the business activities, to avoid risks in the near future.
References
Annan, B.C., Indurkar, D. and Jones III, J.M., Sprint Communications Company LP,
2012. Dynamic security management for mobile communications device. U.S. Patent
8,272,030.
Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance:
an empirical study of rationality-based beliefs and information security awareness. MIS
quarterly, 34(3), pp.523-548.
Chen, Z., Han, F., Cao, J., Jiang, X. and Chen, S., 2013. Cloud computing-based forensic
analysis for collaborative network security management system. Tsinghua science and
technology, 18(1), pp.40-50.
Coffee Jr, J.C., Sale, H. and Henderson, M.T., 2015. Securities regulation: Cases and
materials.
Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management.
Cengage Learning.
De Lange, J., Von Solms, R. and Gerber, M., 2016, May. Information security management in
local government. In IST-Africa Week Conference, 2016 (pp. 1-11). IEEE.
Haddow, G., Bullock, J. and Coppola, D.P., 2017. Introduction to emergency
management. Butterworth-Heinemann.
Harrer, J. and Wald, A., 2016. Levers of enterprise security control: a study on the use,
measurement and value contribution. Journal of Management Control, 27(1), pp.7-32.
Humphreys, E., 2007. Implementing the ISO/IEC 27001 information security management
system standard. Artech House, Inc.
Kazemi, M., Khajouei, H. and Nasrabadi, H., 2012. Evaluation of information security
management system success factors: Case study of Municipal organization. African Journal
of Business Management, 6(14), p.4982.
Krutz, R.L. and Vines, R.D., 2010. Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
Li, S. and Da Xu, L., 2017. Security in Enabling Technologies. Securing the Internet of
Things, p.109.
Lošonczi, P., Nečas, P. and Naď, N., 2016. RISK MANAGEMENT IN INFORMATION
SECURITY. Journal of Management, (1), p.28.
Mayer, N., 2009. Model-based management of information system security risk (Doctoral
dissertation, University of Namur).
Mell, P. and Grance, T., 2011. The NIST definition of cloud computing.
Merriam, S.B. and Tisdell, E.J., 2015. Qualitative research: A guide to design and
implementation. John Wiley & Sons.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management, 52(1), pp.123-134.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Poolsappasit, N., Dewri, R. and Ray, I., 2012. Dynamic security risk management using
bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1),
pp.61-74.
Spears, J.L. and Barki, H., 2010. User participation in information systems security risk
management. MIS quarterly, pp.503-522.
Susanto, H., Almunawar, M.N. and Tuan, Y.C., 2011. Information security management
system standards: A comparative study of the big five. International Journal of Electrical
Computer Sciences IJECSIJENS, 11(5), pp.23-29.
Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H. and Kanai, A., 2011, May. Risk
management on the security problem in cloud computing. In Computers, Networks, Systems
and Industrial Engineering (CNSI), 2011 First ACIS/JNU International Conference on (pp.
147-152). IEEE.
Wang, F., Ge, B., Zhang, L., Chen, Y., Xin, Y. and Li, X., 2013. A system framework of
security management in enterprise systems. Systems Research and Behavioral Science, 30(3),
pp.287-299.
Whitman, M. and Mattord, H., 2013. Management of information security. Nelson Education.
Zhang, X., Wuwong, N., Li, H. and Zhang, X., 2010, June. Information security risk
management framework for the cloud computing environments. In Computer and
Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334).
IEEE.