The most memorable security-related event of 2017 was the Equifax breach, in which more than 145 million consumer credit records were compromised and several of the company's senior executives were terminated as a result. This event underscored the value of the security program within an organization's culture. Among the variables that determine how a given organization chooses to structure its information security (InfoSec) program are organizational culture, size, security personnel budget, and security capital budget.

While many IT professionals may think they will have better careers with more rapid advancement or higher salaries in the big IT departments of nationally renowned organizations, they may in fact be better off at a smaller organization. Big organizations have large staffs, full-time and part-time security professionals, and more problems than the typical smaller organization.

 

Your assignment expects you to:

1. Discuss the relationship, if any, between "Infosec Program" and organization's culture, size, Infosec personnel budget and security capital budget.
2. Discuss a real-world example (e.g. case study(s)), as to supports your arguments.  

Part.1:

The following are the relationship between infosec and organizational culture, size, infosec personal and security capital budget:

• In regards to the relation, Infosec involves the selection of business activities that will protect information assets depends on what type of data is handled and whether this is in transit, handled, or preserved. Infosec helps the organization to follow the software and retain each CIA triad (confidentiality, integrity, authentication) within the system of an organization. 
• In this way, the organizational culture describes the thinking and approach to protection to protect vital information from any unauthorized user.
• The size of the organization has grown with compliance, integrating strategy by the culture into policy, where organizations claim that minimum security decisions have been influenced by InfoSec.
• However, the Infosec personnel budget dependent on the business decision that allocates the security gap with scheduling the task. The security capital budget shall assess the budget of the program where the knowledge of the program is conveniently formulated utilizing a cost-benefit analysis.

Part.2:

Case Study:

Here is one of the real-world example- DLP at Berkshire Bank

Introduction: Berkshire Bank is proud to provide its customers with outstanding service and efficiency. It runs financial services in the network, such as Banking, insurance, and wealth Managing. It pulls the security within the data & insight across the business that allows taking a proactive approach to secure the infrastructure of the bank. So to get rid of any threat/breach in the future it allows the InfoSec program to secure from any threat/breach in the system

Objective: In an organization, the main aim of safeguards raw & meaningful data, and only from web attacks. Banks introducing information protection for a wide variety of purposes such as culture, size, personnel budget, security capital budget, and many more. So it adopts the program to secure the data with the CIA triad. 

Placing InfoSec within an organization: 

• In large organizations, InfoSec is mostly situated inside the IT department, managed by the CISO, which directly reports to the CIO.  
• By its nature, the InfoSec program is often at variance with both the aims and priorities of the IT department as a whole.
• If the role of the InfoSec program in the organization has been identified security education, training, and awareness planning (SETA) programs will proceed.
• The SETA program is intended to reduce the occurrence of an unintentional violation of security by staff, contractors, consultants, suppliers, and business associates.
• With this, organizations can easily implicit the nature of the security implement within the system & determine the size of the company is holding to enhance the surety toward the budget (capital & personnel).  

Organizing for security: Among the variables that decide how the information security program is organized with the corporate culture, size, budget for security personnel & security capital. When organizations grow sustainable in size, the departments are not adapting to the requirements of increasingly organizational infrastructures. Security budget & capital budget per user and computer is declining exponentially as companies expand, leaving most of them constrained whenever it comes to enforcing successful security procedures.

Conclusion: As per the organization InfoSec program in an organization easily implemented in a system for the security of less sensitive content users, the password may simply encrypt files. Authentication detectors, firewalls, or monitoring devices may be installed for more sensitive material users. Around the same time as technology grows, so will the offenses connected with it.

Step-by-step explanation

Part.1:

Concerning the relation, Infosec is a collection of techniques for controlling the systems, resources, and strategies required to avoid, track record,s and address threats to both digital & non-digital data. Infosec's roles include a collection of business operations that will secure information assets regardless of what type is processed and whether it is in transit, processed, or stored.

Organization easily implement & maintain the infosec program in IT system & business data. This program allows organizations to protect digital and analog data. This program delivers the entire details for cryptography, social media, mobile computing, and also private, budgets, IT, and networks.

Also, in an organization Infosec allow the organization to adopt the program & maintain the CIA triad in the system. With the culture, the organization sets the values. Through this, the organizational culture determines the thinking & approach of the security to secure the crucial information from any unauthorized user.

At this level, the size of the organization evolved with the security, incorporating planning through culture into strategy, where 80% of organizations say that at least certain security decisions were directed by InfoSec.

Some organizations just use the word "security program" to define a whole range of personnel, plans, policies, and initiatives relating to security.

The deployment of full-time security personnel based on a range of factors, including the sensitivity of the data to be secured, industry regulations, and general profitability in the budget.

The security capital budget determines the capital budget of that program where it easily formulates the information of the given program by analyzing the cost-benefit. The more resources an organization will commit to its personnel budget, more the likely it is to retain significant information security personnel.

Part.2:

Case Study:

DLP at Berkshire Bank is one of the real-world examples.

Introduction:  Berkshire Bank is proud to give its customers excellent quality and performance. It provides financial services on the network, such as finance, insurance, and wealth management. It leverages data protection and experience across the company that enables a proactive approach to protect the bank's infrastructure. To eliminate any potential threat/breach, the InfoSec program is to be adopted so that it provides better security to the user with centralizing information of the customer.

Objective: The organization, adopt the Infosec program & organizational approaches to secure the data & functional components of the information security. With this, the organization decides how and when to plan and personnel the information security program of the company depending on its size. It analyzes internal and external factors that affect the activities & budget of the organization with this security program. 

Placing InfoSec within an organization: 

• Placing the InfoSec program in the bank has been established the SETA programs will begin.
• The purpose of the SETA program is to minimize the occurrence of an accidental breach of security by employees, contractors, consultants, suppliers, and business associates. By doing so, companies can easily imply the essence of the security applied within the system and assess the size of the company holding to improve security.
• The size of the organization has increased with respect, incorporating culture strategy into a policy where organizations believe that minimum security decisions were affected by InfoSec.
• They will enhance the actions of employees. Also, allow the company to keep workers responsible for their acts. 
• Also, Security & capital budgets are grooming faster than IT budgets. With a vast multi-million dollar budget, the total amount per consumer is still less than most other forms of company.
• With a vast multi-million dollar budget, the total amount per consumer is still less than most other forms of company. Business continuity plans easily enhance & deliver with detailed data & hands-on instruction so that they enable them to perform their duties securely. 

Organizing for security: While organizing the security, the main function performed by IT groups beyond the information security field of management control, such as-Management of systems security, network security, and centralized authentication. Also for the budget & size, it is more reluctant towards the program to adopt the Infosec. The more resources an organization will commit to its personnel budget, the more probable it is to retain a large amount of data in security personnel.

Conclusion: Information security in a small company is frequently the responsibility of each security administrator. Such companies often have nothing in the way of structured strategy, planning, or security procedures, and often outsource their online presence or e-commerce operations. In large organizations, InfoSec is mostly situated inside the Information Technology Department, managed by the CISO, which gives orders to the executive officer or the CIO.