Security Management


1. Basically discuss the concept of security and traditional security approaches.

Security in the Information Technology Management context can be described as a set of policies and procedures that have been put in place to manage an organization’s sensitive data in a systematic manner. Security management is primarily meant to minimize some of the risks that an organization is exposed to in its day-to-day operations. The traditional approach entailed systematic risk assessment to identify all the requirements, after which the security is designed to establish the controls or create security policies that are going to be used to minimize the impact of the risk identified. Thereafter, a test is conducted through a security audit to ascertain whether the implementation is still in place. However, this approach exposes organizations to risk due to the increased sophistication of hackers (Siponen & Willison, 2009).

2. What are some of the primary differences between the public and private sectors in the context of security?

In private sector security, the chief information officers (CIOs) are usually given the flexibility and powers to innovate so that they can address some of the uncertainties which arise when a company is adopting new technologies (Siponen & Willison, 2009). On the other hand, the public sector has its own bureaucracies; also, the environment has stricter rules in terms of procurement and budgeting. This limits the flexibility of managers when responding to rapid technological changes and processes, unlike the private sector.

3. What role does the SWOT analysis play in the risk assessment process?

SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis plays a substantial role as far as the identification and management of risks in an organization is concerned. First, the approach enables an organization to determine some of its advantages, areas it can do well, the resources available as well as the special skills it can use to minimize or avoid risk. Also, the weaknesses help a company identify the areas that make it more vulnerable to risks and possibly some of the measures it can take to improve or avoid such situations (Helms & Nixon, 2010). Equally important, opportunities enable the company to identify some of the prospects available that can be used for better performance and the current trends depending on its industry. Lastly, threats are essential for the organization in establishing the obstacles faced in minimizing risks, assessing what the competitors are doing as well as the impacts of those risks on the sustainability of a company (Helms & Nixon, 2010).

4. Explain the importance of security metrics and performance management.

Security metrics are very crucial in the sense that they help an organization identify the specific goals it needs to achieve. This also entails the people involved, what they need to accomplish, the location and the specific reasons as to why they need to be accomplished. Also, the metrics are used to determine whether those goals are measurable, attainable and realistic. Besides, the metrics are essential in determining whether those goals were achieved within the period expected. Performance management is also important in determining the progress of the various goals set by an organization. More importantly, the company is able to establish whether they are consistent with the original plan as well as what should be done to facilitate their achievement (Siponen & Willison, 2009).


Helms, M. M., & Nixon, J. (2010). Exploring SWOT analysis - where are we now? A review of academic research from the last decade. Journal of Strategy and Management, 3(3), 215-251.

Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267-270.