Quintana V. Richardson
Introduction
If we always do what we’ve always done, we will always get what we’ve always got
(Brink, 2016). The goal of information assurance is for information to be available to those who
need it, when they need it and it is the responsibility of professionals at every level of an
organization to ensure that this goal is always attainable. While we should understand the
Chief Information Security Officers should not only hire the best but believe in their
capabilities as well. Network professionals should be perceived as subject matter experts and
trusted advisors to those who oversee making decisions concerning information assurance.
CISOs should be able to use the knowledge of networking professionals when forced to make
important decisions related to network security (Brink, 2016). In turn, professionals shall stay
abreast of laws and ethics in information security. Private information must be secured and levels
of impedance must be maintained to prevent unauthorized persons from illegally accessing it.
Ramifications. While there have been numerous attacks on popular corporations, some
leaders in information technology have ignored them as if it won’t ever happen to them. The
truth is, it can happen to anyone and without proper risk assessment and management, it will
probably happen sooner than you think. Loss of assets is one of the most common ramifications
of a lack of assurance as companies typically lose a considerable amount of liquid assets, private
INFORMATION SECURITY ROLES AND RESPONSIBILITIES 3
documentation belonging to consumers, and damage to the organization’s reputation (Schou &
Hernandez, 2015).
Confidentiality, Integrity, and Availability are key concepts that aid in identifying
potential problems and providing a solution to those issues. Confidentiality is securing data in a
way that prevents it from being exposed to those who are not authorized to see it. The
expected that all data will not have the same level of security either. While some data may be top
secret, other information may not be very important at all. It is important to identify the threat
level associated with the data to determine the security measures required to secure it. There
are a host of methods used to ensure data maintains integrity and isn’t tampered with. It is
important that data is reliable and trustworthy and security controls such as encryption, hashing,
and cyclic redundancy checks aid in establishing and maintaining that reliability. As stated
earlier, data must be available when it is needed. Networking professionals must ensure that the
demands of the CIA Triad be met and that there is balance in doing so (Schou & Hernandez,
2015).
Policies and laws are not the same and they aren’t synonymous. Laws are regulations and
rules created by governing entities to create balance in society at large. Policies can be made to
create structural balance within an organization (Reynolds, 2010). Policies are often created and
implemented as laws to ensure ethical guidelines are met. Policies related to the CIA Triad are
must know and understand the rules concerning data so as to prevent threats from wreaking
havoc on the network. When policies are set in place, they must be met. When an employee
violates rules contained within the policy on assurance, the company can penalize that
individual. Everyone must follow the policies concerning data to protect all stakeholders.
Conclusion
While information assurance can seem like a complex topic, there are ways to maintain
balance and create structure within an organization so that data is protected. As long as everyone
in an organization is trained and aware of potential threats, they can work together to maintain
confidentiality, integrity, and availability of data. It does take hard work but it can be achieved.
References
Drucker, Peter F. “The Age of Discontinuity: Guidelines to Our Changing Society.” 1969.
Brink, D. (2016, September 4). The Information Security
Leader, Part 1: Two Roles, Four Questions and Three Challenges. Retrieved from
https://securityintelligence.com/the-information-security-leader-part-1-two-distinct-
Schou, C., & Hernandez, S. (2015). Information assurance handbook: Effective computer
Reynolds, G. W. (2010). Information technology for managers. Boston, MA: Cengage Learning.