Organization and Staffing
In the recent past, there has been a rise in the cases of attacks on information preserved by organizations. The attacks usually affect information stored in software deemed as safe and secure. While some cases may be because of internal threats caused by employees, others are external perpetrated by outsiders. As a result, it is essential to have a functional and well-designed department of information security assurance that protects, detects, responds, and governs the integrity of information classified and preserved by organizations. It is within this context that the paper assesses the sample activities performed by functions of the information security and assurance department, highlights the skills required, and explains the benefits of diversifying roles in the department.
Fundamentally, the sample activities undertaken by various functions of information security and assurance department concern their responsibilities. For instance, the sample activity undertaken by the individuals in the protection section relates to safeguarding information from external or internal threats. A good example is evident with the use of codes and passwords that are only available to authorized persons.
In the explanation of Park (2009), the development of alarms that go on when individuals try to access the system illegally is a sample activity that concerns the detection section of the department. On the other hand, a sample activity that is evident in the response section entails the development of a rapid response that blocks hackers from accessing the system and stealing information. Alignment to the provisions of Governance Risk and Compliance is the sample activity that the government department has to execute.
The skills required by employees working in the various sections of the information security and assurance department are in tandem with the duties that they undertake. Notably, those employees, who work in the protection function or section, need to have expertise in the development of passwords and codes that prevent access to information by unauthorized personnel (Whitman & Mattord, 2011). On the other hand, the detection function requires skills on issues that regard the development of alarms and triggers that alert the organization in cases of illegal access to classified information. Rapid response plans and policies are skills that employees executing the response function need to have, whereas employees working in the sector of governance should have skills on the issues that relate to compliance and government requirements.
The advantage of having the same staff performing protection and detection activities is the swift nature of solutions in case of an emergency. Remarkably, the swiftness occasions because of the limited time used in handling and solving the problem. As such, employees utilize the time that could be lost in the process of contacting the detection department of the organization to address the problem, and thus, the swiftness. On the other hand, there are benefits associated with assigning protection and detection functions to different staff members. Concisely, the benefits concern specialization that develops over time. According to Wheeler (2011), when employees work in specific departments, they increase their skills and expertise. The implication of increased expertise and specialization is an enhanced service quality. In due course, employees devise new strategies that improve the quality of services that they deliver in the various functions where they undertake their activities.
Practically, the role of information security manager concerns overseeing, supervising, and ensuring that protection, detection, and response functions of the organization are effective. The managers have the role of overseeing, which implies that they have to move from one point to another and in some cases participate in the execution of some functions. Furthermore, the manager needs to instill a culture of unity, pro-activeness, and innovation among employees.
By instilling the culture, the manager amplifies the quality of services delivered in every function, and thus, limited issues of theft and illegal access to information. In the words of Whitman and Mattord (2011), smart managers inspire their employees and instill a productive culture, which yields positive results. Therefore, in the process of supervising and overseeing the activities performed in every function, the managers need to inspire and encourage employees to deliver their best.
The advantages of having the information security organization report their issues through the Chief Information Officer entail the expertise that the officers have in the field of Information Technology. The officers have skills that pertain to the organization, leadership, planning, and budgeting. Therefore, by reporting through the officers, timely corrections materialize and the project attains the required objectives of the organization.
The ability to achieve the required goals transpires because the officer provides skills and insights that facilitate the development of the desired services. However, there are disadvantages of reporting through the officers. The disadvantages include poor quality of services and failure. Since the officers have a range of responsibilities, chances of losing grip on the requirements of every function are high, and thus, they can easily provide misleading information, which can at times occasion failure. According to Hill and Marion (2016), Beth Jacob, who was the chief information officer of the United States Company Target, resigned because of failures in service delivery. Therefore, failure associated with vast responsibilities is one of the disadvantages of reporting through the officers.
References
Hill, J., & Marion, E. (2016). Introduction to Cybercrime: Computer Crimes, Laws, and Policing in the 21st Century. New York: Santa Barbara. Web.
Park, J. (2009). Advances in Information Security and Assurance: Third International Conference and Workshops, ISA 2009, Seoul, Korea: Proceedings. Berlin: Springer. Web.
Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground up. Waltham: Syngress. Web.
Whitman, E., & Mattord, H. (2011). Roadmap to Information Security: For IT and Infosec Managers. Boston: Cengage Learning. Web.