Tuesday, May 5, 2020
The Corrupting Influence of Secrecy on National Policy Decisions
Question: Describe The Corrupting Influence of Secrecy on National Policy Decisions.

Answer:

Introduction

Strategic Information Security is a strategic plan to provide the organization's management with the information required to make security decisions that keep the organization's business objectives in mind. Information security protects business operations by minimizing vulnerabilities and protecting infrastructure, applications and data from damage (Whitman, 2010). Information security focuses on protection strategies, technology and service provider selection, and deployment best practices. The threat environment is changing, and security professionals must continuously improve protection against increasingly sophisticated and damaging attacks. There is also increasing pressure to satisfy complex regulatory compliance requirements. Information security leverages tools and techniques to protect business operations, develop assessment and remediation strategies, select appropriate technology and service providers, and ensure effective deployment of security controls.

Consider These Factors to Determine Your Readiness

What Information Security Means to the CIO

Before approving the deployment of infrastructure, application, and data protection technologies and services, CIOs should:

- Ensure that the need for new security capabilities has been prioritized through a risk assessment that evaluates the threat environment, known vulnerabilities, recent security incidents and compliance issues.
- Define the enterprise's process, technology and service requirements for security assessment; network, application and data protection; vulnerability remediation; and security monitoring.
- Use technology and process requirements to select appropriate infrastructure, application, or data protection technologies or services that are specific to the enterprise's needs.

What Information Security Means to IT Leaders

IT leaders should consider these factors in the selection, development, deployment and ongoing improvement of information security technology and service initiatives:

- Security risk environment: Assess the current threat environment, making sure to include internal and external threats.
- Existing security controls and architecture: Review their status and effectiveness within the context of the risk environment for your enterprise and industry.
- Business processes and initiatives: Identify planned and current business programs that will modify existing security risks or create new forms of security risk.
- IT processes and initiatives: Identify planned and current IT management strategies and tactics that will change existing security risks or create new types of security risk.
- Regulatory drivers for security: Catalog the internal and external policies, standards and regulations that govern security operations in your SenAd and industry.

What Information Security Means to Technology Professionals

Technical professionals should take the following steps to ensure a successful implementation of information security:

- Manage threats and attacks using a combination of effective technologies, such as anti-malware and security information and event management (SIEM), and practices.
- Build control architectures that can work across IT environments that intersect with the Nexus of Forces of cloud, mobile, big data and social.
- Focus on being pragmatic and manage the risks of mobility, social, big data and cloud by saying "How?" instead of "No."
- Ensure high-value assets are protected using zoning and perimeter architecture, but support unmanaged or mobile devices on end-user networks as appropriate.
- Use data masking, tokenization and/or encryption as well as discovery and monitoring solutions, such as data loss prevention (DLP) and database audit and protection (DAP) solutions where confidentiality is required (Whitman, 2010).

Conduct Your Information Security Technology and Services Initiative Using This Structured Approach

Information security technology and services are effective only if they are able to rapidly adapt to changing threat environments. As a result, many activities within information security are highly tactical and rapidly move through multiple phases during their design, deployment and management. A clear project management methodology has to be implemented in the planning process.

For planning, SenAd implements a process that involves its stakeholders, both inside and outside; its management team, including the board of directors; and its employees, while keeping in mind the SenAd environment: the physical structure environment, the technological environment, the political and legal environment, and the competitive environment. Information security management works like any other management process; the difference is that the emphasis is on security issues.

Successful security projects maintain a strong focus on supporting business objectives and use the phases below to structure security programs:

- Strategize and Plan: Use risk assessment to identify and prioritize security projects and programs. Integrate business objectives and initiatives with the risk mitigation prioritization process to define short-term and midterm plans for information security management.
- Architect Solution: The design of security tools and services must align with enterprise objectives for flexibility, efficacy and cost containment. Identify performance parameters for information security projects, and integrate these into solution designs.
- Select Solution: Security solutions can affect nearly all employees and processes. Minimize disruption to operations and maximize security performance by aligning security solutions with architectural standards and infrastructure deployment and management models.
- Operate and Evolve: Use continuous performance monitoring of security technology and services to find and close gaps. Compare updated risk assessments with current performance measures to identify areas for improvement, replacement or development of new security solutions.

Critical Capabilities Definition

SIEM technology provides a set of common core capabilities that are needed for all cases. Other SIEM capabilities are more critical for the threat management use case or the compliance use case. Many SenAds will apply SIEM technology broadly across their IT infrastructures and will implement most SIEM capabilities, but they typically start with a narrow deployment that implements a subset of functions to resolve a specific compliance gap or security issue. SenAds should evaluate the following set of SIEM capabilities:

Scalable architecture and deployment flexibility: These are derived from vendor design decisions in the areas of product architecture, data collection techniques, agent designs and coding practices. Scalability can be achieved by:

- A hierarchy of SIEM servers: tiers of systems that aggregate, correlate and store data
- Segmented server functions: specialized servers for collection, correlation, storage, reporting and display
- A combination of hierarchy and segmentation to support horizontal scaling

During the planning phase, many SenAds underestimate the volume of event data that will be collected, as well as the scope of analysis reporting that will be required. An architecture that supports scalability and deployment flexibility will enable an SenAd to adapt its deployment in the face of unexpected event volume and analysis.

Real-time event data collection: SIEM products collect event data in near real time in a way that enables immediate analysis.
Data collection methods include:

- Receipt of a syslog data stream from the monitored event source
- Agents installed directly on the monitored event source or at an aggregation point, such as a syslog server
- Invocation of the monitored system's command line interface
- APIs provided by the monitored event source
- External collectors provided by the SIEM tool

Note: The technology should also support batch data collection for cases where real-time collection is not practical or is not needed.

Log management and compliance reporting: Functions supporting the cost-effective storage and analysis of a large information store include collection, indexing and storage of all log and event data from every source, as well as the capability to search and report on that data. Reporting capabilities should include predefined reports, as well as the ability to define ad hoc reports or use third-party reporting tools.

Analytics: Security event analytics is composed of dashboard views, reports and ad hoc query functions to support the investigation of user activity and resource access in order to identify a threat, a breach or the misuse of access rights.

Incident management support: Specialized incident management and workflow support should be embedded in the SIEM product primarily to support the IT security SenAd. Products should provide integration with enterprise workflow systems, and should support ad hoc queries for incident investigation.

User activity and data access monitoring: This capability establishes user and data context, and enables data access and activity monitoring. Functions include integration with identity and access management (IAM) infrastructure to obtain user context and the inclusion of user context in correlation, analytics and reporting. Data access monitoring includes monitoring of database management systems (DBMSs), and integration with file integrity monitoring (FIM) and data loss prevention (DLP) functions.
DBMS monitoring can take three forms: parsing of DBMS audit logs, integration with third-party database activity monitoring (DAM) functions or embedded DAM functions. FIM can be provided by the SIEM product directly or through integration with third-party products.

Application monitoring: The ability to parse activity streams from packaged applications enables application-layer monitoring for those components, and the ability to define and parse activity streams for custom applications enables application-layer monitoring for in-house-developed applications. Integration with packaged applications, an interface that allows customers to define log formats of unsupported event sources, and the inclusion of application and user context are important capabilities that enable the monitoring of application activities for application-layer attack detection, fraud detection and compliance reporting.

Deployment and support simplicity: Deployment and support simplicity is achieved through a combination of embedded SIEM use-case knowledge, and a general design that minimizes deployment and support tasks. Embedded knowledge is delivered with predefined dashboard views, reports for specific monitoring tasks and regulatory requirements, a library of correlation rules for common monitoring scenarios, and event filters for common sources. There should also be an easy way to modify the predefined functions to meet the particular needs of an SenAd.

References:

Michael E. Whitman and Herbert J. Mattord. Management of Information Security, 3rd ed.

Jason Pufahl (April 2010), Information Security Strategic Plan, University of Connecticut.

William Leonard (2011), The corrupting influence of secrecy on national policy decisions, in Susan Maret (ed.) Government Secrecy (Research in Social Problems and Public Policy, Volume 19), Emerald Group Publishing Limited, pp. 421-434.

Kimberly A. Galt, Karen A. Paschal, Amy Abbott, Andjela Drincic, Mark V. Siracuse, James D. Bramble, Ann M. Rule (2008), Privacy, security and the national health information network: A mixed methods case study of state-level stakeholder awareness, in Grant T. Savage, Eric W. Ford (ed.) Patient Safety and Health Care Management (Advances in Health Care Management, Volume 7), Emerald Group Publishing Limited, pp. 165-189.

Nicholas Wilkinson (2011), National security, secrecy and the media – a British view, in Susan Maret (ed.) Government Secrecy (Research in Social Problems and Public Policy, Volume 19), Emerald Group Publishing Limited, pp. 131-151.

Byeong Jo Kim (2009), Civil-military relations of Korea in the 21st Century, in Giuseppe Caforio (ed.) Advances in Military Sociology: Essays in Honor of Charles C. Moskos (Contributions to Conflict Management, Peace Economics and Development, Volume 12), Emerald Group Publishing Limited, pp. 507-525.

Andy Phippen, Simon Ashby (2013), Digital Behaviors and People Risk: Challenges for Risk Management, in Miguel R. Olivas-Luján, Tanya Bondarouk (ed.) Social Media in Strategic Management (Advanced Series in Management, Volume 11), Emerald Group Publishing Limited, pp. 1-26.