This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Baseline Security Requirements for Enterprise Risk Management

Introduction

System security as a risk management objective refers to a group of activities carried out by an organization’s chief information officer to restrict malicious access, minimize data interference, and lock out potential information thieves from an organization’s system. Data security as a means of risk management entails preventive measures that protect a system from the risk of data loss, destruction, or manipulation, all actions that could cost organizations clients, business, and monetary resources that could add up to millions.

System requirements for the design phase define the obligations with which stakeholders associate a system or part of it, including security management. Baseline security requirements refer to a set of conditions for performance or expectations, designed by various stakeholders and agreed upon by all participants before any move to implement a security system for an organization commences. Despite the existence of different baseline requirements for implementing organizational security, the type of company involved, the organization’s activities, and the security analyst hired are some of the factors that influence the prioritization of requirements (Sheikh, 2020).

Baseline Security Requirements

For cloud-based risk management systems, the IT security team focuses on requirements that guarantee information storage and backups, selective access to data in storage, and continuity and stability in case of interruptions. Consequently, the baseline requirements that inform security system design for risk management enterprises respond to these factors. For clarity in establishing security baselines for system security implementation, analysts classify the factors that determine security design into three distinct classes, each of which has definitive baseline requirements to guarantee a computer system’s security with respect to its risk management strategies. The two levels of security baseline determination of interest in this case are Data Access and Continuity (Sheikh, 2020).

  1. Data Access

Organizational information remains safe and useful as long as it is in the right hands. For that reason, security protocols defining information access within an organization play a significant role in ensuring system security by implementing specific baseline requirements associated with information access. These baseline requirements include:

  a. Least Privilege

The least privilege principle calls for regulated information access that provides data only on the basis of necessity, and does so by limiting the use of the administrative privileges accorded to system administrators. It also technically separates all sessions of a system’s operations to avoid interactions that could compromise data flow. Separating sessions reinforces the integrity of account management, ensuring that all information access is regulated according to need and applicability.

  b. Strong Authentication

Authentication in system security primarily refers to log-ins and account access and, as such, has the power to lock out or let in an individual to the system. In designing security systems, the designers have a responsibility to create log-in prompts that demand complex passwords from account holders, featuring symbols, figures, digits, and letters. The inclusion of multiple character types provides extra security against individuals who may seek to guess passwords and against attackers who use a brute-force approach.
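As an added illustration (not part of the original essay), the Python sketch below enforces the character classes named above and reports the size of the exhaustive-search space in bits, showing how each extra class enlarges it. The minimum length and the small common-password list are assumptions chosen for the example.

```python
import math
import string

# Character classes the essay names: letters, digits and symbols.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 12  # assumed policy value, not taken from the essay
# Constructed sample deny-list; a real deployment would load a large breached-password list.
COMMON = {"password123!", "welcome2024!", "qwerty12345!"}


def used_classes(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]


def search_space_bits(password):
    """Upper bound on exhaustive-search work: length * log2(alphabet size).

    The alphabet is the union of the classes actually used, so each extra
    class enlarges the space a brute-force attacker has to cover.
    """
    alphabet = sum(len(CLASSES[n]) for n in used_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password):
    """Return (accepted, reasons) under the assumed policy."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    present = used_classes(password)
    reasons += [f"no {n} character" for n in CLASSES if n not in present]
    # Composition rules do not stop guessing of predictable choices.
    if password.lower() in COMMON:
        reasons.append("on the common-password list")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ("abcdefghijkl", "Password123!", "Tr0ub4dor&3x!"):  # constructed samples
        ok, why = check_password(pw)
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, accepted={ok}, {why}")
```

The bit count is an upper bound that assumes randomly chosen characters; the deny-list check covers predictable passwords that satisfy every composition rule.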

  c. Asset Protection

Asset protection in IT security entails allocating security resources according to the value of the system’s information. In this way, an SIO guarantees minimum damage in case of a breach since the most valuable information has the best protective resources available, leaving only minimal-value data to the mercy of an attacker. It is also a logical move, given that all systems face resource shortages to varying degrees. As such, equality in resource distribution is equivalent to intentionally weakening the security of valuable information assets.

  2. Continuity

The value of data relies on its suitability for use as information, a value that disappears in case of distortion of any kind (Koo et al., 2019). Therefore, the basic security requirements for any system call for guarantees of continuity in the value of data by preventing unnecessary distortions at any moment. The provisions which define data continuity include:

  a. Supply chain security

Supply chain security is a need for holistic implementation of security protocols intended to protect data and related services. It calls for assurances of the authenticity of the product, protection from damage or interference during operations, and assurance over the product’s life cycle.

  b. Documentation transparency

Through documentation transparency, the project manager improves the overall awareness of the project’s features, providing direction and guidelines to the rest of the organizational members that interact with the system. In cases of disruptions, the security system’s clear documentation enables the recovery team to actively look for and find backup solutions and procedures to avoid information loss.

Conclusion

A requirements baseline guarantees the success of a project to design and implement a functional security system for an organization’s IT wing. During project preparation, its presence provides a means of evaluation to keep the project on track and to establish at its end that the end product resembles the product intended for development by those atop the organizational hierarchy.

References

Bauer, E., Schluga, O., Maksuti, S., Bicaku, A., Hofbauer, D., Ivkic, I., … & Wöhrer, A. (2017, December). Towards a security baseline for IaaS-cloud back-ends in Industry 4.0. In 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 427-432). IEEE.

Koo, J., Kim, Y. G., & Lee, S. H. (2019, January). Security Requirements for Cloud-based C4I Security Architecture. In 2019 International Conference on Platform Technology and Service (PlatCon) (pp. 1-4). IEEE.

Sheikh, A. F. (2020). Baseline and Secure Software Development. In CompTIA Security+ Certification Study Guide (pp. 163-183). Apress, Berkeley, CA.
