Security Management Models for Information Systems

1081 Words3 Pages

Background

Security management within the context of information systems “needs a paradigm shift in order to successfully protect information assets” (Eloff & Eloff, 2003). Due the rapid increase in information security threats, security management measures have been taken to proactively remedy the growing threat facing information security. As a result of this, security management “is becoming more complex everyday, many organization’s security systems are failing, with serious results” (Fumey-Nassah, 2007). To remedy the increase threats to information security systems, organizations are seeking alternatives to network vulnerabilities from malicious attacks. There are several management measures that organizations must take to fully understand the vulnerabilities at stake.

There are dominant security management frameworks that encompass security management models for information systems. Therefore, in order to fully analyze the topic of security management we must first understand the security management models that form the foundation of security management practices. There are several models that structure information security mechanisms in an enterprise organization. In general “information security models are standards that are used for reference or comparison and often serve as the stepping-off point for emulation and adoption” (Mattord & Whitman, 2010). If we analyze security management within the context of access controls we find that access controls are needed to regulate “the admission of users into trusted areas of the organization. Access controls in security management are needed to restrict different levels of access to things like assets, information and other resources of information systems infrastructur...

... middle of paper ...

...tists and information technologists on Enablement through technology, 130-136. Retrieved from http://dl.acm.org.ezproxylocal.library.nova.edu/dl.cfm?CFID=53035382&CFTOKEN

=79931029.

Fumey-Nassah, G. (2007). The management of economic ramification of information and network security on an organization. Proceedings of the 4th annual conference on Information security curriculum development. doi: 10.1145/1409908.1409936.

Grimaila, M. (2004). A novel scenario-based information security management exercise. InfoSecCD '04 Proceedings of the 1st annual conference on Information security curriculum development. 66-70. doi: 10.1145/1059524.1059538.

Mattord, H., & Whitman, M. (2010). Management of Information Security. Boston: Course Technology.

Motiwalla, L., Thompson, J. (2011). Enterprise Systems for Management 2nd Edition. Upper Saddle River, NJ: Pearson.

Open Document