Unit: MIS 361
Spring 2016
Student’s Name
University
MIS 361
Computer Security
1. What benchmarks might you consider in developing a security program?
The first step in implementing information security is to have a well-defined security program in place. Three major elements assist in developing a security program: confidentiality, integrity, and availability. An effective and efficient information security program endeavors to ensure that an organization's information, as well as its processing resources, are available when authorized users need them.
Confidentiality helps in ensuring that controls and reporting mechanisms are put in place to help in detecting problems as well as …
Administrative measures and physical security also matter, such as safeguarding offices and locking organization computers or workstations when authorized users are away.
The organization should also have strong forensic experts as well as public relations strategies to help curb intrusions. Third parties transacting business with the organization should have information security insurance coverage to help ensure data reaches the intended recipient.
3. What would be the general scale/scope of your performance measurement program and what might be some of the most important performance metrics?
According to Scott (2015), the scope of performance measurement is based on risk mitigation defined in terms of the cyber attack sequence, security operations, and functional areas based on cyber security capabilities. It is associated with governance, risk, and compliance.
The table below summarizes some of the important performance metrics that organizations should use in rating themselves.
Security Performance Metrics | Outcome …
In ensuring the effectiveness and efficiency of the Information Systems Security Program, each component has to be evaluated individually, together with its relationship to the other components.
The results of the analysis of one component are then considered and mitigated when completing the other Information Systems Security Program components. The Chief Information Officer (CIO) should also be briefed annually on the overall Information Systems Security Program, and it should be certified that the responsible person accepts the risk under which it operates. The CIO then briefs the CEO, who thereafter accredits the Information Systems Security Program.
The organization should therefore be accredited on risk awareness, security plans, the system owner, and password management. For instance, the risk assessment status and disaster recovery mechanisms for the application need to be itemized. Risk assessment should help in identifying and implementing countermeasures to reduce the identified risk, and also ensure that the organization's system is certified and that the system owner understands as well as accepts the remaining residual