There are two ways to tackle security management planning
1. Top Down Approach
This is the most effective. In this approach, Upper (senior) management is responsible for initiating and defining policies for the organization. Security policies provide direction for all levels of the organization's hierarchy. It is the responsibility of middle management to flesh out the security policy into standards, baselines, guidelines, and procedures. The operational managers or security professionals must then implement the configurations prescribed in the security management documentation. Finally, the end users must comply with all the security policies of the organization.
2. Bottom up approach
In this method, the IT staff makes security decisions directly without input from senior management. This approach is considered problematic in the IT industry.
1. Top Down Approach
This is the most effective. In this approach, Upper (senior) management is responsible for initiating and defining policies for the organization. Security policies provide direction for all levels of the organization's hierarchy. It is the responsibility of middle management to flesh out the security policy into standards, baselines, guidelines, and procedures. The operational managers or security professionals must then implement the configurations prescribed in the security management documentation. Finally, the end users must comply with all the security policies of the organization.
2. Bottom up approach
In this method, the IT staff makes security decisions directly without input from senior management. This approach is considered problematic in the IT industry.
No comments:
Post a Comment