enforcement of IT security policies that ensure safeguarding and fulfillment
Ø allowing security companies in Hong Kong to increase operational competence with combine managing of security options that rationalize Guardforce processes
Ø help Guardforce to keep obtainable investments through added capabilities for defense to an installed agent as being managed by McAfee e-policy devoid of call for extra infrastructure
Power of M Campaign
The security management strategy will be supported by a new brand marketing campaign – ‘’Power of M’’ which is designed to communicate how the company has evolved from its beginnings as a provider of anti-virus software, to becoming a global leader in comprehensive security, to a current leadership position in security risk management. The campaign emphasizes that McAfee’s security management approach offers customers better security and compliance. McAfee Inc. is the global leader in intrusion prevention and security risk management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. The security management principles highlighted the requirement for collection and documentation of security relevant data. Such a requirement becomes obvious when extensive risk analysis studies are undertaken; indeed a major aspect of most such studies is the collection of data describing the risk scenario. However, many organizations do not possess good security documentation, either because the effort of data collection is so high that they are inhibited from undertaking the risk analysis study, or if such a study is undertaken the resulting documentation is not in a format that lends itself to ease of updating and use ( 1997).
There needs to acquire security policy as recommended within the standards are:
Ø definition of information security
Ø statement of management intention supporting the goals and principles of information security
Ø explanation of the specific security policies, principles, standards and compliance requirements
Ø definition of general and specific responsibilities for all aspects of information security
Ø explanation of the process for reporting suspected security incidents
The recommendations for Guardforce security section are concerned with the organizational structures for information security roles and responsibilities:
Ø information security co-ordination
Ø allocation of information security responsibilities
Ø authorization process for IT facilities
Ø specialist information security advice
Ø co-operation between organizations
Ø independent review of information security
Ø security of third-party access
It is important that the security officer be involved in the authorization process for new IT facilities both to ensure that the security implications of the proposed acquisition are discussed and that the security model is subsequently updated. The proposed acquisition could have significant security implications if it:
Ø involved data or processes with high business impacts
Ø provided new accesses to sensitive data or processes
Ø impacted on current countermeasures
Personnel security is a vital part of organizational information security and it is important that there be formal commitments to this topic and such formal commitments are communicated to staff as standards recommendations will have to involve:
Ø security in job descriptions
Ø recruitment screening
Ø confidentiality agreement
Ø information security education and training
Ø reporting of security incidents
Ø reporting of security weaknesses
Ø reporting of software malfunctions
Ø disciplinary process
Furthermore, security system planning and acceptance, particularly capacity planning, must take due cognizance of availability business impacts in the information assets domain as business impacts associated with confidentiality and integrity of data assets should be taken into account in the security requirements of new systems. Virus controls appears to have been given a particular prominence in the standards, whereas one might have expected to see a wider discussion on more generic countermeasures (1987). Security attacks could now have a greater impact on the organization and the distributed use of computers complicated the implementation of physical security measures (1999). During the present era, the protection of information technology systems required additional technical security measures. Technical security measures refer to security implemented by using software mechanisms residing on IT systems (1989) as the change will focus security efforts as introduced IT security.
The need for a unified security management method
Security has become an essential part of planning, implementing, and managing the e-service system. Nevertheless, the security issue faces is multi-faceted. Firstly, having extensive operation of dispersed client/server as well as web-enabled networks, Guardforce find it more hard and arduous to successfully preserve its critical systems and functions as well as information. Aside, there requires connection and collaboration among security partners as geared towards the intricacy of organizing network and security systems. There should be management of security way in policies for isolated connectivity in order to apply appropriate security policy to diverse type of services connection as offered by the Guardforce as it can be essential to recognize and maintain every position wherein security management in Hong Kong will have the potential of being violated if not understood well by its operators and users as the manner of vulnerability is a factor in terns of securing HK companies in lieu of its system infrastructure as well as critical endeavor resources by means of distributed security process setting.
Security management solutions
Today, number of managed security solution providers offers customers the option of outsourcing the management of their security architectures. Many customers, however, are not comfortable with outsourcing because often these solutions only solve half the problem. When dealing with a security incident, a decision needs to be taken that may affect business operations such as closing ports or taking a server offline. Because they are unlikely to understand the business implications of such decisions, third parties are rarely trusted with such responsibilities. This state of affairs typically reduces the role of the third-party to that of simply monitoring the architecture and alerting the client to potential problems. This can reduce the burden of security management to some degree but still requires a significant amount of client interaction. An alternative option is third party software solution with the ability to monitor a number of systems from the main security vendors. This gives you the benefits of centralizing security system management in terms of reduced cost and more effective monitoring, while retaining in-house security decision-making. The Hong Kong security management is more than just monitoring the devices to ensure that they are working, are up-to-date and that their alerts are considered.
There are a number of other tasks that must be carried out by security administrators in Guardforce should include:
Ø Patch management, as viruses today exploit vulnerabilities with systems that would be safe if the appropriate patches were applied. The widespread chaos caused by such malware indicates that many of the patching programs today are woefully inadequate
Ø Security policy enforcement, the security policy effectively sets out aims as a secure demand business detailing how companies believe in protecting business system and monitored regularly to make certain that infringement are quickly agreed upon.
Ø Eliminate crooked systems as there has to enforce security policies through Guardforce devices as such security systems are beyond managerial control of securing IT process within the network milieu as there creates possible threat dealing to malware increase
CONCLUSION
There is the need to discover an integrated security organization platform allowing HK companies in deploying of fresh application and abridge the development of running the power of users to the applications. Managing security should be managed as a program that requires the same degree of attention and responsibility as other resourced programs within an organization. There is outline of steps in jeopardy organization and leadership on solution mechanism for successfully realizing security management agenda as provided by Guardforce. Hong Kong companies will require valid certificate that will point out to the industrial protection and security mechanism and attribute as the driver needs as the HK organizations has relied on technology and its security however, there were little security strategies and guidelines from lack of logical and ample security management theory integrating diverse perspectives of security policy in its risk management systems.
Therefore, there is giving of affluent sequence security strategies, measures and theories as Guardforce that will incur better understanding of HK security management in lieu of various perspectives. The incorporation of security measures should have to include sets of planned security organization strategies as needed by Guardforce services in HK and develop a sound application of the security market based on its analysis as there should be a unified framework in developing definite security diagram and solutions improvement as there uses security standard and its practices having useful response to security necessities and such business needs for the HK region.
APPENDIX
SYNOPSIS – RELATED ARTICLE
The security management assembled top security experts to observe on the issues through the highlights below:
‘’On challenges, executives cited the need to comply with new regulations, balance security with maintaining an open environment, and stay in tune with their company’s overall goals’’. ( May 2006 ) ‘’Asked about trends, they highlighted the new emphasis on crisis management and protecting the entire enterprise versus the former emphasis on protecting specific assets, on the search for good personnel, they agreed that general qualities matter more than specific technical skills’’. ( May 2006 ) ‘’When it comes to convergence, the panel agreed that it is both inevitable and beneficial and that it need not be seen as a turf war with winners and losers. It is simply a matter of having all the players work together to solve problems. Asked how to sell security to management, they cited the need for good metrics and good customer service. One representative on the supplier side cited the difficulty of building systems to meet user needs when companies are reluctant to share inside information about what they want systems to achieve’’. ( May 2006)
Credit:ivythesis.typepad.com
0 comments:
Post a Comment