
Friday, June 14, 2019

IT Security Essay Example | Topics and Well Written Essays - 1000 words

IT Security - Essay Example

For any information system to be operational, organization-mandated compliance needs to be undertaken by the chief information officer (CIO) and government officers. For a system to pass these security compliances, it must meet the set criteria: the system boundaries for the hardware, software, users and interfaces with the environment must be clearly defined so that any threats can be assessed. Therefore, a CIO must provide a plan of action for the system and also state any contingency measures needed in the case of a security threat. Moreover, the chief information officer then gets evidence and accreditation from the government once this is achieved (Enloe, 2002). Information systems are required to be secure in order to facilitate business success and their resilience in the changing information society. This means that a CIO ought to ensure that the system is secure enough to deliver vital information and services at the right time with no compromise. This is because secure systems increase public confidence and trust in the organization and in its products or services. Information security also ensures that the performance of all the stakeholders in the organization, from management to junior staff, is effective (Bowen, Chew and Hash, 2007). In addition, security also reduces the chances of risk to the organization and protects the integrity of the information or data stored in the organization. In the design of an information system, the CIO needs to be aware of information security elements, which must be in line with government-mandated compliance. Moreover, when securing a system, it is very important for a CIO to know who accesses the system at any time, and thus the role of an information system officer in the system needs to be understood and clearly defined (Enloe, 2002).

The authorizing officers in the organization and other users, including the management, need to be issued with access codes for authorization. Through these codes, he can track who accessed the system, at what time, and which information was accessed or modified. The CIO should provide the management with the capital estimates required in adding and maintaining the whole system and the time required to change or upgrade the system. In addition, he must conduct awareness and training campaigns across the whole organization. This is to educate the users of a system on the different types of security threats present and how to evade them. Thus, a CIO is required to conduct risk assessment for the organization's management, and relay to the personnel and management how the system will meet the organization's mission and goals (Enloe, 2002). To this effect, the CIO must design a system that provides, as stated in NIST Information Security, protection from unauthorized access, use or disclosure, disruption and modification of information. The system must also comply with the standards set up for policies, procedures and guidelines by national law and legislation. The CIO is also responsible for developing and maintaining agency-wide information security programs, policies and control techniques for the organization's systems. Moreover, he is required to develop disaster recovery management program, to
