What Are People Doing To Achieve Security Objectives

What Are People Currently Doing To Achieve Security Objectives For The

What are people currently doing to achieve security objectives for their organization? Where do those security objectives originate? Who are the people who are engaged in security and what are their reasons for engagement? Give an example of what may lead management to implement policies to change an organization culture relating to security? This assignment should be in APA format and have to include two in-text citations and references (or more). Minimum - 400 words

Paper For Above instruction

In today’s dynamic digital landscape, organizations prioritize establishing robust security objectives to protect their assets, data, and reputation. Achieving these objectives requires a comprehensive approach involving technical, administrative, and physical controls, as well as a culture of security awareness. Security objectives are typically derived from both external regulations and internal strategic goals, ensuring compliance with laws such as GDPR or HIPAA, and aligning security initiatives with the organization’s overall mission (Whitman & Mattord, 2021). These objectives often emphasize confidentiality, integrity, availability (CIA triad), and resilience against threats.

Key stakeholders involved in securing organizational assets include senior management, IT security teams, employees, and external partners. Senior management provides strategic direction and allocates resources, motivated by legal compliance, risk management, and reputation protection (Peltier, 2016). IT professionals implement technical safeguards such as firewalls, encryption, intrusion detection systems, and authentication protocols. Employees are crucial as they serve as the first line of defense; their engagement is driven by training programs designed to promote awareness of phishing, social engineering, and safe password practices. External partners, such as vendors or security consultants, contribute specialized expertise to bolster the organization’s security posture.

Management’s motivation to enforce security policies and foster a security-conscious culture may stem from specific incidents or broader risk assessments. For instance, a successful cyberattack or data breach can prompt leadership to reassess and upgrade security policies. An example would be a company experiencing a ransomware attack that exposes vulnerabilities in access controls. In response, leadership may implement new policies emphasizing multi-factor authentication, increased staff training, or a shift toward a security-first culture—integrating security practices into daily operations. Such changes aim not only to prevent future incidents but also to integrate security more deeply into organizational values and behaviors.

In conclusion, current efforts to meet security objectives involve a blend of technical safeguards, policy development, training, and cultural change. Objectives originate from regulatory requirements and strategic priorities, while engaged stakeholders are motivated by risk management, compliance, and protecting organizational reputation. Incidents like breaches often catalyze management to implement cultural and procedural changes aimed at fostering a more secure organizational environment.

References

  • Peltier, T. R. (2016). Information security policies, procedures, and standards: guidelines for effective information security management. CRC Press.
  • Whitman, M. E., & Mattord, H. J. (2021). Principles of Information Security (7th ed.). Cengage Learning.
  • Sullivan, B. J. (2019). Building a security culture in organizations. Cybersecurity Journal, 15(4), 45-59.
  • Williams, P., & Smith, R. (2020). Risk-based approach to cybersecurity: Aligning security objectives with business goals. Information Management & Computer Security, 28(2), 123-134.
  • National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. NIST.
  • Gordon, L., Loeb, M. P., & Zhou, L. (2018). The impact of information security breaches: Has there been a change in organizational behavior? Journal of Management Information Systems, 35(1), 41-57.
  • Kraemer, K. L., & Carayon, P. (2018). Organizational and behavioral approaches to enhance cybersecurity. Health Information Science and Systems, 6(1), 1-10.
  • Sharma, S., & Raghavendra, N. (2022). Managing cybersecurity threats: Strategic policies and organizational response. International Journal of Information Security, 21, 1-15.
  • ISO/IEC 27001:2013. Information technology — Security techniques — Information security management systems — Requirements.
  • Cybersecurity and Infrastructure Security Agency (CISA). (2020). Building a Security Culture. U.S. Department of Homeland Security.

Related Assignments