Answer:
A security management model (SMM) is a representation of all the things that a firm or business can do to ensure that its environment is secure. A Security Management Model does not provide details of the security management process itself.
Sometimes, the job of the Security Manager is just to pick a generic model and then adapt it to the requirements and peculiarities of the organisation.
Some security models one can select from are:
- ISO 27000 Series (International Organization for Standardization)
- ITIL (Information Technology Infrastructure Library)
- NIST (National Institute of Standards and Technology)
- COBIT (Control Objectives for Information and Related Technology)
Some of the interesting components of the security management model that can be adapted for use in the SMM are:
- Identifying the impact of a security breach on the business
- Determining preventive measures
- Developing recovery strategies
Cheers!