Security is the degree of protection that is usually against danger, damage and loss. Security is a form of protection and has structures that implement the same. According to ISECOM, security is a form of protection whereby a separation is created between the assets and the threat. It includes elimination of the asset from the threat or elimination of the threat from the asset in question.
Planning is the procedural way of organizing events. It involves laying down all the requirements for a particular event and then establishing the procedure at which they are to be executed.
Security planning is therefore the ac t of having all measures of security and then laying down the systematic way of handling them.
Security is necessary in every environment in order to realize the well-being of the society. Different institutions are face with different threats and each will be successful only if proper security measures are put in place. In the field of information technology, the threats received there are different from the threats that are received in homes. The information technology field or computers for instance, are exposed to threats like attack by viruses, theft, loss of information, crushing of hard discs and unpredictable system failure. Necessary steps are to be taken in order to ensure that the problems are avoided at all costs and in case they occur, there are devised ways of handling them.
In our study, we are going to have a look at security planning and the way two different books handle the issue of security planning. A comparison is to be done on the two books and we are going to establish whether which book is better than the other. The two books to be handled in our case are planning for Security: Principles of Information Security by Steven Covey and Mark Egan (CIO at VMware).
The two books at a glance
- Planning for Security: Principles of Information Security by Steven Covey
The text, planning for security offers a systematic approach on the concept of information security. It does so by defining the role of management in developing, maintaining and the enforcement of information security policy.
The procedure involved here includes creation of information security program or the review of an organization’s information security policies, standards and practices.
The second procedure is the selection of information security architecture and then the development of the policy.
In summary the text handles all aspects of information security detail by detail procedurally until everything is unearthed.
- Mark Egan (CIO at VMware)
This text is based majorly on the analysis of the risks involved. The analysis are done and represented graphically. This text offers a better understanding of the process of information security planning as everything is done quantitatively.
The two books address the security as being an important aspect to be taken into consideration. They address risk as being affected by probability, vulnerability and threat. They further go ahead to show that risk is the major cause of insecurity in the information technology field and therefore has to be handled with care in case the ultimate security is to be achieved.
Both books look into detail the use of conceptual framework to analyze threats and measures to be taken in order to improve the security. Mark Egan (CIO at VMware) addresses risk using a diagrammatic representation which has graphs and charts. Planning for Security: Principles of Information Security by Steven Covey on the other hand uses textual representation which is procedural and easy to understand.
The two books have a similar approach towards assessing information security and how planning can be done in order to ensure that there is proper security to the information systems in question. Their approach is based on probability of occurrence and they devise ways of dealing with them. Both of them consider risk to be uncertain and can occur at any time and therefore security has to be tightened at all times so that incase anything happens, no major damages are caused.
The two books lay a major weight on discussing the risk of information systems and the vulnerabilities of each information system. In this case, a detailed account is given on how to avoid the occurrence of a risk. It is stated categorically that Information security, management and users, and information technology all must work together in order to achieve better results at the end of the study. The security of all the information systems in place depend on the cooperation of all the stakeholders involved.
Planning for Security: Principles of Information Security by Steven Covey has a systematic approach by introducing and defining different aspects of information security. Mark Egan’s text on the other hand, is based majorly on the analysis of security. Most of the analysis involved here are done quantitatively.
It easy to understand Steven’s way of presenting information due to its systematic and easy to understand approach. Mark Egan’s text on the other hand is not very easy to understand or interpret the information. It is therefore only suitable for professionals who can interpret all the information represented.
Work cited List
Planning for Security: Principles of Information Security by Steven Covey
Mark Egan (CIO at VMware)