Countries, communities with common interest, and international organizations sta
ID: 3733646 • Letter: C
Question
Countries, communities with common interest, and international organizations started developing and publishing their cyber security strategies. Among these different approaches of security strategy development approaches are:
-The Top-Down vision driven security strategy development Approach
-The Bottom-up Incident driven security strategy development Approach.
1. A brief overview of each of the above security strategy development approaches
2. Key challenges associated with each security strategy development approaches
3. Compare and contrast each security strategy development approaches thorugh the use of metrics
4. Please clearly state if you think one is better than the other or not. And explain your answer how and why you stated like that.
Explanation / Answer
one type of management style has essentially dominated workplaces: top-down management. Supervisors tell their employees what tasks to complete, and employees complete them. This is still the basis for most organizations across all industries.
However, as employers work harder to keep up with the rapidly shifting economy, some organizations have begun to move in a different direction. More companies are embracing bottom-up management styles that rely more on employee feedback. As organizations evaluate bottom-up management, it’s imperative for business leaders to understand the details, benefits and drawbacks of the two management styles.
Top-down Management
Top-down Management is the most commonly used management style, it's a kind of autocratic leadership.
Autocratic leadership is the process of higher management or the CEO reaching or arriving independent conclusions that improve or change the orkplace of the business Systems. The conclusions hich are bought by the top management are handed don to employees, who work to accomplish the goals on their own or with other employees. Some lower-level managers may have input into how to accomplish the end goal, but they may not have much authority to change policies without approval from the highest level of management.
Advantages :
Making decisions from the top allows leaders to be clear on goals and expectations. It also gives employees more time to focus on work duties instead of attending meetings discussing potential directions of the company. When a strong leader is at the forefront, managers can quickly and effectively take charge, assign tasks to teams or employees, and establish solid deadlines. Autocratic leadership gives companies a drive that they might not have otherwise.
Top-down decisions are often successful when they are highly researched by the leadership. All aspects must be taken into consideration, especially how a decision will affect employees. This is why autocratic leadership is especially beneficial to organizations with talented and knowledgeable leaders.
Disadvantages :
When used correctly, top-down management can help establish a clear vision for company direction. But it can just as easily be viewed as bossy or dictatorial. Particularly with a weak leader, employees can grow resentful and challenge unilateral decisions. Thus, autocratic leadership is not best for businesses struggling to implement change effectively. With only the senior executives making decisions, their conclusions may be seen as lacking creativity and being harmful to overall performance.
Bottom-up Management:
n some situations, a top-down management style is simply impossible. There may be a large amount of brainpower among employees to draw upon, or executives may be unable to appear knowledgeable. Sometimes another path may be better. Enter bottom-up management.
a project management solutions firm, describes bottom-up management as a process where “team members are invited to participate in every step of the management process.” This system allows managers to communicate goals through milestone planning, and team members are encouraged to come up with the steps needed to reach the milestones on their own. How tasks are performed is up to the teams, and they feel involved in project development.
Advantages :
Bottom-up management allows all levels of an organization to become a part of the process and helps make everyone feel a large part of the goal. This can help build morale and improve productivity. Employees are more open to work and strive harder to reach goals and objectives in the ways that work best for them.
Bottom-up management styles allow for the full talents of employees to be used. A lower-level employee may have unique insight on how to solve a common problem. Employees can share their solutions and perhaps pass them on to others in their team. This kind of collaboration can improve processes in new ways.
Disadvantages :
Allowing all employees to engage in decision-making does have possible pitfalls. Becoming engaged in the process can bog down employees and lead to too many unproven ideas being suggested. With too much input, managers may have a harder time finding an effective plan for reaching goals. This may lead to an inability to choose one plan and stick with it or constant altering of processes and goals.
In a highly competitive environment, employees may struggle to separate ego from the bigger goal. This could lead to significant divides between employees and teams as well as possible conflict that may have a negative effect on productivity.
The following are the key actions that need to be addressed to provide effective information security and governance to protect the information assests
-> Align the security program ith business needs.
-> Develop an information secirity startegy.
-> Determine and manage the acceptable risks.
-> Create information security management structure.
-> Communicate effectively ith the CEO, CIO, CTOs
-> Create a security aareness culture.
-> learn from the older security incidents.
-> Understand the existing and emerging las that impact organization
-> create Security policies ith organizational participation.
with the increase in the certainity the information security program ill be effective and reduce the likelihood that internl and external threats ill damage the information program.
The information security officer role has been emerging and was initially viewed primarily as a technical role. Hoever today the function must combine leadership leadership, magagerials and technical abilities ith emphasis on the leadership and managerial abilities to inceasing market share.
Top-Down Vision-Driven Security Strategy
Company Vision
|
Mission Statement
|
Information Security Mission Statement
|
Information Security Goals Aligned to Business Goals
|
Year 1 initiatives
|
year 2 intiatives
|
Year 3 intiatives
|
Security Project A
|
Security Project B
we should develop a stratagy to develop and implement an information security program to deal.
Even with the proliferation of information and the complexity of the environments that house this information, information security as a whole is still regarded as an IT issue that involves the creation of USER ID's or accounts, and issuance of passwords.