Science
Essay Preview: Science
Report this essay
The business world is increasingly reliant on technology to supply information and communications facilities to staff, partners, and customers. Securing organizational information and the systems that are used to manage and transmit data has become a high profile function. Failure to secure information can have a severe impact on business credibility.
Threats to an organization come in a variety of forms, for example from hacking, viruses, and simple human error. The types of threats change constantly, so management must sponsor, design, and implement business and technical processes to safeguard critical business assets. To create a more secure business environment the organization must:
* Assess business exposure and identify which assets to secure.
* Identify ways to reduce risk to an acceptable level.
* Design a plan for mitigating security risks.
* Monitor the efficiency of security mechanisms.
* Re-evaluate effectiveness and security requirements regularly.
All of these activities must be coordinated within a well-defined strategy. An organization can manage risk to an acceptable level by developing security policies and making staff and commercial partners aware of their responsibilities within them. Security can also contribute to an organizations bottom line, because customers value the reliability of a supplier.
This Security Management service management function (SMF) guides organization leaders and senior managers through issues that they should consider when developing an effective security policy and implementing it through a security program. The SMF discusses the individual and team security roles and their interrelationship with operational functions. The SMF also reviews tactics and best practices to increase staff awareness and encourage continuous improvement.
Security management is only one aspect of providing information technology (IT) services to an organization. This SMF works within the wider Microsoft Operations Framework (MOF) to align defense with other critical services, such as Business Continuity Management and Change Management. The Security Management SMF also relates to industry security standards and initiatives, such as the International Standards Organization (ISO) 17799:2000 and the IT Infrastructure Library (ITIL) Best Practice in Security Management.
Top of page
Introduction
This service management function (SMF) provides information about security management for organizations that have deployed, or are considering deploying, Microsoft or other technologies in a data center or other enterprise-level computing environment. The guide assumes that the reader is familiar with the intent, background, and fundamental concepts of the Microsoft Operations Framework (MOF) and the Microsoft technologies that this SMF discusses.
You can find detailed information about the concepts and principles of MOF on the MOF Executive Overview v3.0 site that is available at
Audience
This SMF provides security management information for a broad range of business and technical roles within an organization. It offers business executives and managers a basic understanding of the reasons for developing a security program. It also provides detailed information for those individuals who are responsible for designing and managing the implementation of security policies.
Organization Leaders
The term “organization leader” applies to those roles at the highest level of influence within an organization. In many organizations, these roles might include one or more chief officers (Executive, Operations, Information, Technology, and others). Organization leaders specifically:
* Sponsor security.
* Establish commercial criteria for security.
* Drive the high-level adoption of security policies across the organization.
The areas in this SMF that are of particular use to organization leaders are the explanations of the language of security, the planning necessary for an effective security program, and the means of communicating security policies throughout an organization.
Operation and Service Managers
Managers in these roles are primarily concerned with using information technology (IT) to deliver valuable business services. Securing these services means that developing and maintaining effective processes and procedures that support the aims and objectives of the organization are essential. Common goals for those people who are working in these positions include:
* Service efficiency.
* Service quality.
* Service availability.
* Quality user experience.
* Service improvements.
* Maintenance of data confidentiality, integrity, and availability.
This SMF benefits operation and service managers through a descriptive narrative that provides insights into the objectives that drive management processes that security policy governs. Management involvement prompts staff in a division or department to resolve security issues within each phase of operations. Security must be an organizational requirement that does not become a roadblock to success.
Security Managers
Security managers are responsible for the assessment, resolution, and maintenance of effective security requirements within the organization. As such, this role