
Security Manager Role Essay Example | Topics and Well Written Essays - 1250 words

Organizations are now seeking both technical and management experts to manage security. A security manager must establish policies, standards, procedures and guidelines to make security practices within the organization repeatable and documented. Security breaches happen constantly, and periodic security risk assessment is required to address potential vulnerabilities and mitigate threats by implementing controls. Moreover, security governance is considered a prerequisite for establishing a security management program within the organization. Security governance helps create awareness among the senior management and board of the organization. Once the advantages are understood, the security management program will be successful to some extent and management will actively participate in everyday security functions, as security is a responsibility of all personnel. We will discuss the role of a security manager in three different domains along with responsibilities and associated tasks.

Role of Security Manager

Organizing information systems is defined as the series of activities that are associated with information handling. Organizations expand their business gradually. For instance, the strategic plan for a financial institution is to open a branch every quarter of the year, depending on stable revenue and the achievement of defined objectives. The security manager creates a security strategy that must be aligned with the business strategic plan and address security issues. Similarly, the expansion of the organization creates more risks and increases the workload of handling information, because more information than ever before must now be maintained, stored and exchanged. The security manager analyzes configuration management and change management activities to eliminate any security weaknesses and loopholes. Information handling takes place on three levels, i.e. the formal level, the informal level and the technical level (Dhillon, 2007).

The formal information system is associated with communication from third parties, suppliers, contractors, clients, regulatory authorities and financial sectors. As the word formal says for itself, it is a process in which the security manager ensures that the rules are followed and establishes security baselines and standards for business processes that must be followed, as non-compliance may become a threat to the business or critical assets. Likewise, the security manager automates all the formal processes and procedures to define a standard as well as for effectiveness and efficiency, but this is not sufficient.

The informal information system is the second type of information handling that occurs in the organization. The informal information system demonstrates a culture within a culture, i.e. a subculture, that defines the purpose of understanding. Likewise, it is the system where the security manager establishes consensus and beliefs that are recognized by liaising with key stakeholders. Moreover, employees get to know due care and due diligence for performing their responsibilities and tasks. However, modifications and changes are also made at the same stage, as the informal system facilitates the formal system in a natural way. Moreover, different groups of people can be created, as the