Security Management


Are you confident that all the resources in your ICT environment are protected from misuse?
Are your IT users protected from external parties trying to interrupt their daily use of the systems?
Are you confident that your ICT users can only see information they should and that access to all your systems is properly classified, logged and auditable?
If not, it’s time to develop your security management process and start managing the security of your environment.

Your ICT environment must operate safely. To protect your ICT users, the ICT environment and the data stored on it, you need to be able to secure it. Security Management is concerned with developing the techniques and managing the tasks that will allow you to do this.

Aim
The aim of this section is to introduce the topics of eSafety and Security Management and to help you implement the process within your environment in an easy and effective way.
Objectives
The objectives of this section are to enable you to:-
• understand the concept of eSafety and how to address your security policies and procedures to maintain a safe environment for your ICT users
• understand the various aspects involved in securing your environment
• understand the importance of developing a security strategy and developing your own security policies
• understand the need to manage both your physical and data assets
• understand your responsibilities for data security and protection
• understand the issues around user administration and maintaining a secure user environment
• develop methods for managing your users’ secure access to resources and protecting them within that environment
• develop standards for installing and managing systems within your secure environment
• understand the need and benefits of auditing and monitoring system access
• develop your network security, both at its perimeter and within its internal infrastructure

What is Security Management?
Security is the management of risk. Within your ICT environment, you are managing the risks of loss or damage to your assets and data. It is important that the form this loss can take is identified. Losses can include:-
• Confidentiality of information
• Integrity of data
• Assets
• Reputation
• Efficiency and performance
• System or equipment availability
Security is concerned with the implementation of procedures that minimise the chance and impact of these losses.

Why use Security Management?
Any organisation that is storing data has a legal responsibility to protect that data from inappropriate or illegal use. Security Management allows the risk associated with storing and providing access to the various types of data in use, within an organisation, to be properly assessed and managed.
Security management is responsible for the whole environment in which the data is secured. Only by managing the total environment can all risks be properly measured.
In this way, preventative measures can be put into place to minimise the risks and a safe and secure computing environment maintained.

All IT users and staff will be responsible for the day-to-day operation of a secure environment.

Successful Security Management requires the cooperation and support of everyone involved in a school's day-to-day operation.

Who uses Security Management?
Security Management should be managed by someone with a senior role in the school.
Remember that your ICT services are often affected by third parties such as telecoms providers, support and maintenance suppliers and so on.
You will need to include them in your plans because their own services will be affected by any security procedures you put into place and your requirements may need them to change their procedures.

How Security Management works
Security Management begins by developing the Security Strategy and setting up the Security Policies. This provides the terms of reference for an internal Security Control function.
[Figure: Security Management Process Flowchart]
This initiates a cycle of activity:
• Plan
• Implement
• Evaluate
• Maintain

The overall cycle is managed and controlled by the security management resources available to the school.

Security Management Process
Security Management begins with an understanding of the school's security requirements.
These are translated into a direction (Security Strategy).
This direction is implemented by developing security policies: directions to staff and ICT users on how to use a secure environment and what is expected of it.
These policies are then used by staff implementing new systems or by users of those systems.
By reviewing the performance of these policies against real security incidents, the establishment (both Technical Staff and Senior Leadership Teams) learns of actual threats and vulnerabilities, and can then propose improvements to the overall security.
These proposed improvements, if accepted, will be fed into a new cycle of planning, maintaining the overall security strategy.
