Managing Information 2 Assignment Example | Topics and Well Written Essays - 1500 words

Managing Information 2 - Assignment Example If considering the enterprise government, focus on executing management actions is required to support the strategic goals of the organization (JOHNSTON et al. 2009). It has been calculated approximately half of the breaches to the security of the information systems are made by the internal staff or employee of the organization (Spears et al. 2010). Security incident management facilitates the development of security incident handling and planning including preparation for detection and reply to information security issues. The standard of the incident management primarily relates to ensure the existence of processes rather than the contents of these procedures. The security incident of different computing systems will have dissimilar effects and escort to different consequences, bureau, departments the organization need to tailor the security incident handling plan according to specific operational requirements. Organizations invest enormous money to buy and install computing e quipments for securing their networks. Information systems security is a challenge for executives and the information technology professionals (Dhillon et al. 2006).Organizations focus on performance and efficiency of the security equipments. This is not enough, as human intervention and a proper plan need to be defined. The information technology professionals are not only responsible for securing the information systems, all the employees of the organization are responsible (Rotvold 2008). One needs to know what an incident is, before making a plan for dealing with the computer incidents. A simple definition is available in network dictionary which says â€Å"An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.† For organizations to be competitive with network incidents, they must lay a foundation within the organization for incident handling. The incident handling procedure refers to an action pla n associated with security breaches, thefts, distributed denial of service, fire, floods etc. Incident handling consists of six-step process: research, classification, restraint, purge, revival, and lessons learned. The information security should be handled internally and externally by the employees of the organization. They will be supported by the security teams with high-powered information security officers. The employees who do not have insufficient skills in dealing with information security, they can perform well in reducing risk factors (Bulgurcu et al. 2010). In each major business unit, an employee with a skill set of solid risk management and project management can be a good choice to be an information security officer. Likewise, the primary objective is to enforce policies and train the end users for following the procedures made for each policy. Moreover, acceptable use for networks and data on information systems must be communication, as end users can download susp icious codes or emails from the Internet etc. furthermore, if the company decides to outsource its security operations to another company, this will save cost but at the same time increase risks to critical information if no care has been taken for choosing a reliable business partner. Non disclosure agreement must be signed by the service organization and skill evaluation of the staff should also be considered. Furthermore, service level agreements