Course Discussions

Analyze the business considerations, information assurance, and information systems security considerations that impact the area you identified as being most challenging to implement. Provide at least two recommendations for IT management to implement to align the information assurance and security considerations with the business goals. Issuing standards for technology that an organization may not have yet but could in the very near future is a good idea. System specific standards can be constantly changing and need to be monitored to keep information assurance and security in line with the goals of the organization. Security standard will help in the development of security policies and can be easier to establish by taking into consideration industry est practices, experience, business drives and internal testing.
Compare the responsibilities you listed above with those of an IT security professional. Give your opinion on how responsibilities of digital forensics personnel and IT security professional are similar and in which ways are they different. An IT security professional's major job is to secure down systems and prevent hackers from gaining access, while digital forensics personnel have the job of figuring out exactly what happened. An IT security professional and digital forensics personnel are so closely related that they would non-existent without one another. An IT security professional can handle responsibilities of "Integrity of Evidence" by minimizing the number and severity of security incidents, assemble a core computer security incident response team, define an incident response plan, and contain the damage to the minimize risks. IT security professional responsibilities in handling "Forensic Documentation" assist in log monitoring, analyzing log entries and correlating log entries across multiple systems, assisting in incident handling, identifying policy violations, and auditing and other related efforts.
Describe the basic elements of human nature and how they effect information security policy development and impact information security policy implementation issues.Motivation is the key to successful implementation of a security policy. It is used to appeal to human nature. People like to take pride in their work especially if they think it is important to reach personal goals and the goals of the organization they work for. It is human nature for people to have motivation through self- interest, if it makes them look good and seem productive in helping the organization reach its goals, and could also provide the individual with raises or promotions. People like to feel that they are successful and that whatever "team" they are on is successful, it motivates them to keep wanting to do whatever it is they are responsible for to keep being successful.