Why is it important to build one's awareness and proper perception of information security? And how to build such awareness/proper perception in the management of an organization?
Assignment: To know about a field and keep abreast of what happens in it, especially a field that changes and advances fast, it is important to know the "Who's Who" in the field. Bruce Schneier is a top information security technologist and author, and has been named by The Economist as a "security guru" (see http://www.schneier.com). It will be worthwhile for you to visit his website on a frequent basis if you want to pursue a Chief Security Officer career.

The following multi-media presentation delivers Schneier's view on information security management. If you have a bandwidth issue and can't watch the video, then you can hear his speech from the audio stream. In the presentation, Schneier suggests a framework of "feeling, reality, and model" and explains how these three should be in sync. He also emphasizes how the "feeling" of security plays a role and how important a person's cognitive perception (partially coming from the person's beliefs and culture) is.

Schneier, Bruce. (2008) Reconceptualizing Security on topics of Security Feeling, Reality and Model. Infosecurity Europe, April 23, 2008.
Video: http://www.yada-yada.co.uk/podcasts/ReedExhibitions/InfosecurityEurope/video/BruceSchneier.html
Audio: http://www.yadayada.co.uk/podcasts/ReedExhibitions/InfosecurityEurope/audio/Hall_of_Fame_BruceSchneier.mp3

If you can neither watch the video nor hear the audio, then you must read the following article, which covers the topic. Otherwise, you should still scan through the article to refresh what you heard and grasp some new concepts that were not explained in depth in the presentation:

Schneier, Bruce. (2008) The Psychology of Security. http://www.schneier.com/essay-155.html

Another "Who's Who" in the security field is Mark Seiden (a Cutter Consortium consultant, 35 yrs of programming experience, on the technical advisory board of Counterpane, among top 50 CyperElite).
Please listen to his speech, where Mark emphasized the need to build proper organizational and customer awareness of security needs.

Seiden, Mark. Speech.

There are many factors influencing one's beliefs. Culture is one factor, upbringing is another. So are a person's education and exposure to the subject. I can't affect your culture or upbringing, but I would like to expose you to some concepts that can influence what you think regarding security. Remember, I am only scratching the surface here. You need to continue to educate yourself and build awareness of security for yourself and your organization.

Mercuri, Rebecca T.; Neumann, Peter G. (2003) Security by Obscurity. Communications of the ACM, Nov 2003, Vol. 46 Issue 11, p160-160. (TUI library).

Hoepman, Jaap-Henk; Jacobs, Bart. (2007) Increased Security Through Open Source. Communications of the ACM, Jan 2007, Vol. 50 Issue 1, p79-83. (TUI library).

Now it is time to write about what you learned in the background readings. Writing about what you learned is like digesting food. Only through your own language can you truly assimilate and absorb. Please compose a 3-4 page paper on the following topic:

Why is it important to build one's awareness and proper perception of information security? And how to build such awareness/proper perception in the management of an organization?

Expectations: In preparing your paper, you need to discuss the following issues, and support them with arguments and evidence:

- What is the framework suggested by Schneier? Do you agree or disagree?
- How is Schneier's framework connected with the framework suggested in module one?
- Summarize key points from Seiden's speech.
- What are your views on "security by obscurity" and "enhancing security via open source"? What are they? Why do you hold your views?
- How would you help the managers in an organization to build their security awareness and proper perceptions?
Why is it important to build one's awareness and proper perception of information security? And how to build such awareness/proper perception in the management of an organization?

Name Professor Course Institution Date

Security may be defined as the degree of protection from danger or any threats. Information security on its part involves protection of information and all information systems; this may be protection from unauthorized use, damage, modification, inspection among so many other factors.

It is very apparent how people, in the current world, are full of curiosity to know confidential information about other people. Employees and insiders are the main source of information and data breaches. The behavior of employees in regard to data access affects data and information systems in a great way (Schneier, 2003).

It is very hard and almost impractical to have total security. It is, therefore, very vital to have an understanding of the risks that information systems get exposed to. An understanding of these risks helps us prepare on how to defend them. Awareness is the first stage towards such effective defense as preparation begins with a thorough understanding (David Ropeik, 2002). The best and most effective way to achieve lasting informatio...