A plan for administrative security controls
Administrative controls are essential for business, organizational, personal and state protection. They focus on the policies put in place to protect the security, privacy and confidentiality of the decisions and operations of the administrative function in the organization (Keung, 2014). An effective plan for administrative security controls may include:
Finding the right information systems
Carrying out a risk assessment within the administrative operations of the institution
Creating and publishing policies, standards and guidelines
Carrying out a security-awareness training of all personnel
Screening of the staff
Enforcing change control guidelines
A plan for procedural controls
Procedural controls are mainly safeguards for the information and machine systems in the organization. They also safeguard the procedures for conducting various functions in the organization or the state (Lee, 2015). A plan for procedural security controls includes:
Enforcing and keeping access safeguard mechanisms
Creation of passwords and managing resources
Developing identification and authentication methods for people entering the organization or country
Installing security gadgets
Configuring the infrastructure of the organization or state
A plan for physical controls
Physical controls are aimed at ensuring the protection of all hardware and assets within the organization or state (Schell, 2013). A plan for physical security controls includes:
Putting up strict controls to individual access into the organization or country
Ensuring all systems are locked and ejecting unwanted floppy and CD-ROM drives
Safeguarding the perimeter of the organization or state
Keeping vigil to repulse any form of intrusion
Ensuring the environment is safeguarded and conducive for the installation of various machines
Challenges facing security management professionals
Modern security professionals face unprecedented challenges in their quest to safeguard their workstations. Today, they are faced with the huge test of protecting organizations or states amidst rising complexities and uncertainties occasioned by the dependence on technology as a sole means of accomplishing their objectives. The first major challenge that security professionals face is cyber-crime, which has exploded to high levels. Virtually all organizations and states today rely on the internet for the easy and fast transaction of functions involving customers. However, most of them overlook the fact that the internet is quite insecure and hence under-invest in IT security (Kshetri, 2013). The increasing political and commercial incentives for cyber-crime continue to attract more criminals to this business. The criminals have access to sophisticated and quite effective attack tools. Since organizational or state security professionals are given an insufficient budget for IT security, the entire institution may become vulnerable to incidents of internet crime.
Another major challenge to security professionals is the increasing functions and expansion of organizations. As organizations expand, more entry points and loopholes for criminals arise. Expansion of companies affects physical security controls as criminals find more entry points into the precincts of the organization. Expanding the corporate perimeter to a large extent normally increases the organization's exposure to surveillance as well as other attacks (Andress & Winterfeld, 2013).
Moreover, conducting security awareness in the organization or at the state level is a very difficult task for security professionals. Firstly, this difficulty arises from the fact that very few people in institutions pay attention to the importance of security matters as long as they are safe at a given time. Therefore, many people are less interested in security issues at the time they are safe. Secondly, security awareness tests in organizations and at state level normally lead to injuries and even deaths because people respond to them as if they were a real attack. This makes professionals avoid such awareness tests. Therefore, there is a very high need for people to increase their support for and interest in security matters in order to make the work of security professionals easy and effective (Fischer, Halibozek & Walters, 2012).
References
Andress, J., & Winterfeld, S. (2013). Cyber warfare: techniques, tactics and tools for security practitioners. Amsterdam: Elsevier.
Fischer, R., Halibozek, E., & Walters, D. (2012). Introduction to security. Oxford: Butterworth-Heinemann.
Keung, Y. H. (2014). Information Security Controls. Advances in Robotics & Automation, 2014.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Lee, G. (2015). A Study on Improving Security Controls in the Electronic Financial Transaction. Journal of the Korea Institute of Information Security and Cryptology, 25(4), 881-888.
Schell, R. R. (2013). Computer Security. Air & Space Power Journal, 27(1), 158.