
Running head: INFORMATION SECURITY ROLES AND RESPONSIBILITIES 1

Final Project Milestone 2 – Information Security Roles and Responsibilities

Quintana V. Richardson

Southern New Hampshire University



Introduction

If we always do what we’ve always done, we will always get what we’ve always got (Brink, 2016). The goal of information assurance is for information to be available to those who need it, when they need it, and it is the responsibility of professionals at every level of an organization to ensure that this goal is always attainable. While we should understand the hierarchy of responsibility, information knows no boundaries or rules of engagement; therefore, it is up to those professionals to protect that information one way or another (Drucker, 1968).

Role of Key Leaders

Key Ethical and Legal Considerations

Chief Information Security Officers (CISOs) should not only hire the best but believe in their capabilities as well. Network professionals should be perceived as subject matter experts and trusted advisors to those responsible for making decisions concerning information assurance. CISOs should be able to use the knowledge of networking professionals when forced to make important decisions related to network security (Brink, 2016). In turn, professionals shall stay abreast of laws and ethics in information security. Private information must be secured, and levels of impedance must be maintained to prevent unauthorized persons from illegally accessing it.

Ramifications. While there have been numerous attacks on popular corporations, some leaders in information technology have ignored them as if such an attack will never happen to their own organization. The truth is, it can happen to anyone, and without proper risk assessment and management, it will probably happen sooner than you think. Loss of assets is one of the most common ramifications of a lack of assurance, as companies typically lose a considerable amount of liquid assets and private documentation belonging to consumers, and suffer damage to the organization’s reputation (Schou & Hernandez, 2015).

Key Components of Information Assurance

Confidentiality, Integrity, and Availability are key concepts that aid in identifying potential problems and providing solutions to those issues. Confidentiality is securing data in a way that prevents it from being exposed to those who are not authorized to see it. The confidentiality of data shall be preserved whether it is being stored or in transit. It should also be expected that not all data will have the same level of security. While some data may be top secret, other information may not be very important at all. It is important to identify the threat level associated with the data to determine which security measures are required to secure it. There are a host of methods used to ensure data maintains integrity and isn’t tampered with. It is important that data is reliable and trustworthy, and security controls such as encryption, hashing, and cyclic redundancy checks aid in establishing and maintaining that reliability. As stated earlier, data must be available when it is needed. Networking professionals must ensure that the demands of the CIA Triad are met and that there is balance in doing so (Schou & Hernandez, 2015).

Policies related to Integrity, Confidentiality, and Availability

Policies and laws are not synonymous. Laws are regulations and rules created by governing entities to create balance in society at large. Policies can be made to create structural balance within an organization (Reynolds, 2010). Policies are often created and implemented as laws to ensure ethical guidelines are met. Policies related to the CIA Triad are necessary to safeguard data as it traverses the information highway of an organization. Employees must know and understand the rules concerning data so as to prevent threats from wreaking havoc on the network. When policies are set in place, they must be met. When an employee violates rules contained within the policy on assurance, the company can penalize that individual. Everyone must follow the policies concerning data to protect all stakeholders.

Conclusion

While information assurance can seem like a complex topic, there are ways to maintain balance and create structure within an organization so that data is protected. As long as everyone in an organization is trained and aware of potential threats, they can work together to maintain confidentiality, integrity, and availability of data. It does take hard work, but it can be achieved.

References

Drucker, P. F. (1969). The age of discontinuity: Guidelines to our changing society.

Brink, D. (2016, September 4). The Information Security Leader, Part 1: Two Roles, Four Questions and Three Challenges. Retrieved from https://securityintelligence.com/the-information-security-leader-part-1-two-distinct-

Schou, C., & Hernandez, S. (2015). Information assurance handbook: Effective computer security and risk management strategies. New York: McGraw-Hill Education.

Reynolds, G. W. (2010). Information technology for managers. Boston, MA: Cengage Learning.
