Security management is a key factor of success of any firm in the present world. Different firms subject their staffs to a lot of information, which ends up in the hands of mistrusted people, hence posing a significant security threats. Moreover, the world is growing through dynamism in management of security. Security breaches can lead to organization collapsing, if security management is not effective.
Therefore, in order to cope with the insecurity, most of the senior personnel are required to devise relevant tactics and hold security awareness campaigns to alert their employees about appropriate security decisions.
The employees should be taught about the factors that can impair legitimate security management for their organizations. The aim of this paper is to examine Cenartech Security Case, which revolves around the security management.
When firms recruit dishonest employees into the system, they may breach security and fail to follow the right procedures for relevant security management. The CEO of Cenartech should recommend other ways for solving the problem solving, such as training the employees about making proper security measures for their organization.
All employees should be made to understand the security policies, as well as their responsibilities. The employees should be motivated for them to be security conscious when disseminating any information, in order to maintain high standards if confidentiality (Whitty, 2011).
In Brian’s case, he negligently left a VPN installer disc lying on the desk, which eventually was accessed by the wrong person. Lack of awareness about proper security decisions in his organization led him to many tribulations, which he could have avoided if he had observed confidentiality of the information (Jeanne & Roberts, 2003).
The idea of employees sharing password was also not effective because vital information could leak to the outside, hence, creating a chance for criminals to access the system (Mattord, 2011). Instead of using password, Brian could have implemented biometric method as an alternative way to log in to the accounts. This method would ensure that a uniquely identified person accesses information.
Brian could have used an alternative method in order to minimize the security threat of information, thus, his method was not perfect because it had a few identifiable limitations. One of the limitations is that the people holding the accounts in the organizations have to be physically present to allow access to information (Whitty, 2011).
Given a chance as a CEO of this firm, I would transform it for a better tomorrow. After learning the problems experienced in Cenartech firm are mainly due to poor management practices, which resulted from negligence and lack of cooperation among the departments, I would establish various measures.
Firstly, in order to mitigate the risks, I would ensure that security is not for a single department, but for the organization as whole. All the players in the organization should work as a team to ensure their resources are secure.
If the human resources department manager had been taking into consideration what Brian was reporting, the issue of the person trying passwords on other computers could have been resolved in the first reporting. However, the problem was not resolved after firing the person who was involved.
The issue only seemed to resolve when Brian had a one on one meeting with the CEO who recommended the IT and HR department to work hand in hand.
Secondly, I would offer training to the employees about security awareness and provide them with the measures that can protect the organization’s information asset. Everyone should be responsible for security of the information in order to enhance smooth running of the company. Additionally, I would implement policies such as imposing heavy penalties to anyone violating the security information rules.
In addition, I would recommend all the computer users especially in the IT department to be equipped with required skills to counteract information frauds and should be made to comply with the company’s policies (Hinson, 2003).
The IT department where Brian is working has twelve personnel, but they do not have much IT skills. Brian improvises a manual to assist them in maintaining security in the system. Moreover, it was unprofessional for Brian to be employed in the department, since they depended on consultants to manage their complicated networks.
The last thing is to ensure managers keep information related in their areas, and analyze it for some inferences. The impact of good information is seen when we compare Brian and Jim characters. Brian kept so much information on IT than his boss did, to an extent it made the human resources manager to be puzzled. It is through the following of his records that Brian got the wind of what engineers were doing at lunchtimes.
Jim was somehow careless by dismissing Brains reporting, since the report displays that Jim never took Brian’s information seriously to an extent of failing to inform him when they caught the person who was trying to have unauthorized access to the system.
In conclusion, security of information in an organization should be maintained to avoid violation of company value. It is clear that breaching of security management is mainly through negligence of the organizations’ employees.
This results from lack of proper training, security awareness, and personal responsibilities. Therefore, the employees should be well trained about security decisions, and be made security practitioners through proper guidance and supervision.
References
Hinson, G. (2003). The true value of information security awareness. Web.
Jeanne, K., & Roberts, K. (2003). Correct! Prevent! Improve! : Driving Improvement Through Problem Solving and Corrective and Preventive Action. Milwaukee: ASQ Quality Press.
Mattord, W. (2011). Readings and Cases in Information Security: Law & Ethics. New York: Cengage Learning.
Whitty, G. (2011). Information security management policy. Web.