Information security management
Information is critical to the functioning of an organization. It defines the operations and activities of an organization. The concept of security management, and of organizational security, is thus elusive. Organizations have remained active in acquiring information management systems. These systems are meant to aid organizations in securing their information. This paper discusses the concept of information security on the basis of a case. The paper looks into the practice of information management and security in light of the ethical and legal matters that surround information security and management.
At the initial stages of operation, most information is contained within an organization. This is backed by the argument that there are fewer transactions at this point in time. As firms expand their operations to include many external players, preserving and securing information becomes elusive. The issue of information security management in Stratified Custom Manufacturing began to be addressed when the company successfully implemented an initial public offer. This denoted that the firm was officially entering the public trading environment, thereby exposing itself to competitors. Most current organizations have information management departments which help in preserving and controlling the flow of information within and without the organization. Companies that are embracing the use of information and communication technology in discharging organizational functions are often prone to security risks. Information security is thus a concern for these companies. Information security is critical in safeguarding company information. Information security entails the safeguarding of company information from the external environment as well as from technological faults or threats. A substantial number of legal and ethical issues face the implementation of information security by companies (Whitman & Mattord, 2011).
According to the Information Systems Audit and Control Association (2010), information security is a detailed management issue that calls for managerial attention. Stratified Custom Manufacturing established a broad information management security department. The security team of the company covers several aspects of information security. This is reflected in the top security management team positions. Under the senior manager of information security, the company has other security managers. Among them are the manager in charge of administrative security, the technical security manager and the security and compliance manager. In addition to this, the company has a broad policy framework on information management. This forms the ground on which the department draws its guidance on information security management.
Policies on security management in organizations seek to guide and set limits on the level of information sharing in an organization. Information belonging to organizations is secured and limited to viewing by accredited entities. Policies on information security stipulate the way information is shared within and without the organization. Violations regarding access to and use of company information are easily identified and the necessary steps taken to deal with them. Those identified as breaching the information security laws are punished in different ways. One of the means used to punish information security offenders is denying them privileges to access and use the information belonging to the organization. This takes place in different ways, among them barring such people from accessing information devices. The other way of punishment is deactivation of the individual's access details to company information. In some cases, information security offenders are prosecuted and forced to pay fines or compensation for the damage caused to the company (Whitman & Mattord, 2011). In most cases, an assessment of the risk caused is done before the users are punished. Information security management is complicated by the growing patterns and trends of management that encourage the sharing of information between different organizations. With the prevailing trends of knowledge and use of information technology, it is difficult to secure organizational information. Pieces of legislation on information security management also vary, making it difficult for organizations to formulate policies on information security (Straub, 2008).
Ethical issues also face the managerial practice of security management. The main issue in information security management is the level to which organizations conceal their information. Organizations are encouraged to share information and access more external information (Whitman & Mattord, 2011). Information helps organizations in improving strategic management practices. They get to know the tactics of management that are used by other organizations performing well in the market. Competition between organizations is open. Organizations are encouraged to practice positive competition as they work on improving their delivery to their customers. Therefore, open release and sharing of information is one of the methods of open competition. The other point on ethics and information security is that firms are required to improve relations with employees. The building of a healthy and motivating work environment works for information security in organizations. This step has proved to be more effective than other investments (Whitman & Mattord, 2012).
The responsibility of information security is becoming an organizational matter, more than it is a concern of legislative bodies. Organizations are securers of their own information. They need to be active and work on improving their systems by making them less prone to information leakage. The model of information security management taken by Stratified Custom Manufacturing is a desired step in ensuring that the company information is secure.