How Security Management Is The Core Component That Made Up...

This chapter began by explaining what security management is. It defined it as the core component that made up the foundation of a corporation’s security program. Risk management, security organizations, security education, information classification, information security policies, standards, procedures, baselines and guidelines are the elements of the core component. This chapter further explained that security management is activated to protect company assets. These assets can easily be identified through risk analysis. This risk analysis exposes the threat that can easily put the assets at risk. The risk analysis, according to this chapter also facilitates identification of the budgets to know how much fund is needed to protect the†¦show more content†¦It is quite unfortunate that most companies’ management only deals with the administrative, marketing and sales, and the production part of the company business, but felt the IT operations should be left solel y to the IT personnel. In the long run, according to this chapter, the information security aspect of the company will suffer and remain underdeveloped because of lack of attention. However, if there is any security breach or attack, the top management will be the first point of contact. The top management will be held accountable and responsible for not adhering to the business practices. This chapter emphasizes on the need for management to assign responsibilities and also to make sure that adequate funds are available for the kick-off of security programs and its implementation. Management role and support cannot be overemphasized when it comes to the issue of security management. This chapter also addresses the way decisions on security issue should be channeled. This chapter advised that security program should be driven in a top-down approach. In this case, the top management will drive, , support and give directions for the security program, which will then be passed over to the middle management staff and then to member staffs. Also, this chapter illustrates how the control measure should be designed to make sure that access are well managed and monitored. With this, the chapter went further explaining the three types of