Security Management - Introduction

The objective of Security management is to protect the organization and all it’s assets. Security management is necessary to avoid due diligence and due care lawsuits and protect the companies image and intellectual property.

Security Management is a broad term which covers the following subjects:

• risk management
• risk analysis
• policies
• standards
• baselines
• procedures
• guidelines
• information classification

The top down approach is the approach where the security management will be enforced from within senior management and will be followed by all employees. This approach will ensure that the whole organization is aware that security is an important issue within the company. The top down approach requires a blueprint, i.e. security policies backed by senior management, and realized goals and objectives. Senior management will be responsible for the achievement of the objectives and therefore will inspire their employees to achieve these goals.

Bottom down approach is the approach where the IT department will implement ideas that are incoherent because there is no broader view and the ideas will not be backed by senior management and therefore not by the organization.

Security Controls

The controls that can be distinguished in the security management arena are:

• Administrative controls, which consist of policies, standards, procedures, guidelines and change control;
• Technical controls, which consist of access control, password management, resource management, identification and authentication, security devices and infrastructure;
• Physical controls, which consist of physical access, locks, intrusion detection and perimeter security.

  next