HLS 625 Module Paper 1: Information Security Management

Hls 625 Module Paper 1: Information Security Management
Name
Institution
Date
Information Security Management
Information security is an act or practice of protecting information, and data from unauthorized access, use, destruction, modification, disruption, and disclosure. Information security is a strategy that comprises all the tools and processes required to detect and prevent data from threats. Several processes and policies are involved in order to detect and prevent malicious practice. Security governance is a set of many disciplinary structures, procedures, processes, policies, and control, which is implemented to manage information. Information governance is done at enterprise levels so as to support operational requirements, legal, risk, and future regulatory of an organization. Security governance is a system of IT security that is directed and controlled by an organization, and is there to ensure that security strategies can cope with the business objectives and are compatible with the regulations (Yaokumah & Steven, 2014).
Information security management is the control system that is established by an organization or a company to manage one’s information. This is done to ensure the information, and data of a company remains secure from malicious events that could cause data loss, damage or misuse of data (Yang, Yuan & Nung, 2016). However, information security (IS), security governance (SG) should not be confused with information security management (ISM). Information security is the act that involves process required to detect, and prevent data loss or damage of information in an organization. Security governance determines who is to make those decisions, and management is concerned with making those decisions to reduce risk. Governance is there to ensure security strategies are compatible with the regulations whereas management is there to recommend the strategies of security in an organization.
Top-down approach management remains very popular among project management. "Top-down" is a phrase generally used in management meaning all directions come from the top. These directions are established by the top management, and communicated to other participants. For instance, a project objective is established by the top management where guidelines, plans, information, and the process of funding are laid down for the rest of other project participants. The expectations of project managers are communicated to each participant, and one should be very specific when passing one’s expectations. This process is formal, and is found in very many organizations. However, in this process, power is centralized meaning there will be no collaboration between the top management, and other team members affecting the freedom, and productivity of the team members because one is not motivated morally to do ones job (Kim, Fabian & Christoph, 2014).
This is an era on which enterprises and organizations are susceptible to cyber terrorism, and thefts. Enterprises need to be more strategic about how one relates to the outside world, how one trusts employees, and customers, what the enterpr...