Thursday, May 2, 2019

IT Security Essay Example | Topics and Well Written Essays - 1000 words

IT Security - Essay Example

For any information system to be operational, government-mandated compliances need to be undertaken by the chief information officer (CIO) and government officers. For a system to pass these security compliances it must meet the criteria set for the organization; boundaries for the hardware, software, users and interactions with the environment must be clearly defined so as to assess any threats. Therefore, a CIO must furnish a plan of action for the system and also state any contingency measures needed in the case of a security threat. Moreover, the chief information officer then gets certification and accreditation from the government once this is achieved (Enloe, 2002).

Information systems need to be secure in order to facilitate business success and their resilience in the changing information society. This means that a CIO ought to ensure that the system is secure enough to deliver vital information and services at the right time with no compromise. This is because secure systems increase public confidence and trust in the organization and in its products or services. Information security also ensures that the performance of all the stakeholders in the organization, from management to junior staff, is effective (Bowen, Chew and Hash, 2007). In addition, security reduces the chances of risk to the organization and protects the integrity of the information or data stored in the organization.

In the design of an information system, the CIO needs to be aware of information security elements, which must be in line with government-mandated compliance. Moreover, in the security planning of a system, it is very important for a CIO to know who accesses the system at any time, and thus the role of an information system officer in the system needs to be understood and clearly defined (Enloe, 2002). The authorizing officers in the organization and other users, including the management, need to be issued with access codes for authorization. Through these codes, the CIO can track who accessed the system, at what time, and which information was accessed or modified.

The CIO should provide the management with the capital estimates required for running and maintaining the whole system and the time required to change or upgrade the system. In addition, he must conduct awareness and training campaigns across the whole organization. This is to educate the users of a system on the different types of security threats and how to avoid them. Thus, a CIO is required to conduct risk assessment for the organization's management, and explain to the personnel and management how the system will meet the organization's mission and goals (Enloe, 2002).

To this effect, the CIO must design a system that provides, as stated by NIST, information security: protection from unauthorized access, use, disclosure, disruption and modification of information. The system must also comply with the standards set up for policies, procedures and guidelines by national law and legislation. The CIO is also responsible for developing and maintaining agency-wide information security programs, policies and control techniques for the organization's systems. Moreover, he is required to develop a disaster recovery management program, to
