How do security plans differ and in what ways are they alike. How can these plan
Question
How do security plans differ and in what ways are they alike? How can these plans be used to ensure the security of sensitive information? What effects can an organization endure when a security breach is successful? What benefits can an organization obtain when a breach is successfully contained or prevented? How does a successful breach affect the company outside of the IT portion of the organization? Whose responsibility is it in the organization to develop, implement, and oversee the security plan? What training can an organization give to its employees to help the organization's IT security?
Explanation / Answer
Most organisations employ two types of security plans and they are:
1) Layered Security
2) Defense in depth
These two strategies share a lot in common but of course they are different.
The basic principle of layered security is like a VACCINE. You first get attacked and then we will find a defense. So the data center has to be well endowed with the defense strategies against the attacks. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, and local storage encryption tools: these are the key aspects of Layered Security.
Defense in Depth strategy is a superset of Layered Security. It stands on the belief that no total security can be achieved. The principle is a bit deceiving but quite true. Rather than just monitoring the internal attacks this strategy can employ tasks such as physical theft followed by forensic recovery of data by unauthorized persons, incidental threats as a result of dangers that do not specifically target the protected systems. The strategy believes in defending rather than getting attacked.
Once a security breach is successful the organisation may have to face:
1) Loss of productivity and consumer loyalty
2) Unwanted media coverage
3) Huge losses both financially and socially
4) Mass law action for leading information in the wrong hands
If the breach is contained the organisation doesn't have to go through these key losses and can more importantly focus on enhancing the current state of productivity to a finer level.
It is the responsibility of the security officers who are employed to look after the security issues and related concerns. Moreover it is also the responsibility of every individual working in the organisation to contribute to the security. One cannot simply leak potential information to the public. The rival organisations can employ man to man strategies that involve leaking confidential information.
The training thus involves building trust of the employees over the organisation. Moreover the above mentioned strategies should be employed technically speaking. The security in-charge employees must be well endowed with the potential attacks and given training to employ a proper defense mechanism against the threat.