Several kinds of threats can affect the security of an organization and the value of its protected information. Management must therefore understand these threats and ensure that appropriate countermeasures are implemented. A company that aims to protect itself and its information assets needs to take the right measures for an effective safety and security management system. The importance of security management lies within the organization's goals, which pertain to the scope, the goals, the priorities and the security policies under enterprise security management (Fay, 2002). It is the responsibility of management to introduce security measures within and outside the organization and to ensure their proper maintenance. This paper discusses the various roles and responsibilities of security professionals in protecting the organization's assets.
Security Management and Policy
Security is characterized as confidentiality and integrity, as well as the continued availability of information and information systems. Confidentiality provides access to information only to those who are authorized to use it, for example, information such as corporate financial statements, personal information, information about business assets, and any other information that must be retained for the private use of the organization or of certain of its employees (Johnson, 2005). Integrity protects the accuracy and completeness of information and processing methods, for example, information about the census, economic performance or financial transactions. It is important to maintain absolute accuracy when presenting such data (Stanger et al., 2006).
Availability gives authorized users access to information and associated assets when required, for example, in systems that are important for safety, critical support and predicting hurricanes. It is very important to have a permanent stock of the organization's information and resources (Fay, 2002). Security officials have the Information Security Policy, which aims to set the standards and requirements of security to ensure the confidentiality, integrity and availability of the company's information systems. The Information Security Policy is a document that shows commitment to the security management of information and contains the definition of information security under the terms of the entity (Murray et al., 2003). The most important aspects to be considered in the Security Policy are:
Ensure the confidentiality, integrity and availability of the company's information systems.
Have a security officer responsible for managing the company's security.
Comply with the legal requirements applicable to the company.
Manage security incidents properly.
Have a contingency plan that allows the company to recover in case of disaster or system discontinuity.
Inform employees of their obligations regarding the security of the systems, and of the defined obligations and procedures that affect them.
Train employees in key management concepts of safety systems.
Designing the security of an organization means, in other words, defining its security policy. A security policy should be prepared in a realistic and practical manner (Harwood, 2008). This means that it should reflect the actual security needs of the organization and the actual possibilities of assurance, and should give clear guidelines on how the security system is to be constructed and how it ...