Running head: INFORMATION SECURITY MANAGEMENT

INFORMATION SECURITY MANAGEMENT

Student Name:
Student ID:
 INFORMATION SECURITY MANAGEMENT 2

Table of Contents
Introduction................................................................................................................................3

Analysis of the scope and importance of Information Security Management for the financial
sector in the UAE.......................................................................................................................3

Goals and objectives of IT and InfoSec team and the role of InfoSec team in protecting the
operations of IT team.................................................................................................................4

Similarities and differences between SecSDLC and SDLC.......................................................5

Analysis and development of Gantt chart of activities in order to implement InfoSec program
in case of enterprise organization...............................................................................................5

Conclusion..................................................................................................................................7

Reference List............................................................................................................................8
 INFORMATION SECURITY MANAGEMENT 3

Introduction

Information Security Management is a highly important technology and quite popular for
developing business. Information security management has maximum uses in the financial
sector in the UAE. It helps the organization by collecting information from customers and
helps in keeping and maintaining several private information. In other words, Information
Security Management protects an organization from several threats and vulnerabilities. In this
essay, there will be a discussion about various scopes and the importance of InfoSec and its
goals and objectives in protecting IT operations. In addition to this, the similarities and
differences between SecSDLC and SDLC will also be reported in this assignment. Further, a
Gantt chart will be provided that will help to implement the InfoSec program within an
organization.

Analysis of the scope and importance of Information Security Management

for the financial sector in the UAE

Cyber security is an integrated part of Information Security management that helps ensure
that all the private and confidential information of the company is safe and should be used for
the benefit of the company only (Uddin et al., 2020). Implementing Infosec will most
importantly help protect assets, making an organization reliable. In 2014, it was reported that
UAE lost 2.8 billion due to downtime and data loss (EMC GLOBAL DATA PROTECTION
INDEX, 2014). It highlights the importance of implementing efficient information security
management to prevent sensitive information from being compromised, increasing users'
confidence and elevating a company's reputation.
Several financial sectors in the UAE have implemented InfoSec in their organization and are
experiencing huge growth in their existing business. As a result, UAE has the best financial
sectors across the globe, which positively impacts the UAE's economy.
Authorization plays an essential role when it comes to asset security as it defines who is
accessing it and under what authority. This can lead to misplacement of information or even
changes to it therefore when it comes to financing, numbers are of great importance. Even if
their order is changed and used without correction, they can lead to large lawsuits and losses
in terms of deals or acquiring loans or investments.
 INFORMATION SECURITY MANAGEMENT 4

Goals and objectives of the IT and InfoSec team and the role of the InfoSec
team in protecting the operations of the IT team

The main goal of information security is as the name suggests, to prevent the loss of
the following three aspects of data:
Integrity: The team works to maintain the data’s integrity in the sense that it protects
it from discrepancies that could be implied through external sources.
Availability: They make sure that data is always available in a comprehensive manner
for the company to use.
Confidentiality: They help with risk assessment and also management to protect the
confidentiality and merits of the data.
Furthermore, they also work to reduce the risk associated with all these factors and
formulate guidance policies that can help improve the internal working and practices
of the organization.
The key activities of an IT team are as follows:
 Strengthening the existing technologies:
By doing so the business is able to communicate and reach clients in a much more
effective manner. They can also stay in competition with external forces and
competitors (Li et al., 2022).
 Skilled and experienced professionals:
Because information technology is a vast and technical field, it is important that only
those individuals are chosen who possess adequate knowledge and potential to grow
and help the company achieve its goals.
 Contributing towards business operations:
They are required to monitor and help with day-to-day business operations.
Here we see that the Infosec team helps to make information and data confidential and
authorized the IT team to delegate and use for daily business operations. It makes their work
easier as they do not have to spend greater time worrying about the integrity and authenticity
of the data, rather they just focus on what they are required to do which is putting the data to
use.
 INFORMATION SECURITY MANAGEMENT 5

Similarities and differences between SecSDLC and SDLC

The Security System Development Life Cycle (SecSDLC) is similar to the Software
Development Life Cycle (SDLC), but the tasks performed in each step of the cycle are
different. SecSDLC is a process that involves identifying specific threats and the
vulnerabilities that such threats pose to a system, as well as the necessary deployment of
security measures to prevent, remove, and control the risks involved. The SDLC process, on
the other hand, is primarily concerned with the models and executions of a computer
network.
There are huge similarities and differences between SecSDLC and SDLC, and some of them
have been discussed below:
Differences SDLC and SecSDLC SecSDLC

Phase 1: Investigation  Defining scope and goals  Outlining project

 Cost estimation process and
 Analyzing feasibility and documentation for
resource availability security policy

Phase 2: Analysis  Assessing system  Legal issues

 Preliminary system  Risk analysis
requirements  Analyzing threats and
 Document finding and security policy
feasibility analysis

Phase 3: Logical design  Assessing business needs  Security plan

 Data support  Response action
 Coming up with multiple  Analyzing merits of
solutions outsourcing project
 INFORMATION SECURITY MANAGEMENT 6

Analysis and development of Gantt chart of activities in order to

implement InfoSec program in case of enterprise organization

Activities 1st 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th
week week week weak week wee week week week week week week
k
Project
charter
Research

Projections

Guidelines

Scope

Budget

Risk
managemen
t
Status

Monitoring

Objectives

Deliverables

performanc
 INFORMATION SECURITY MANAGEMENT 7

Table 1: Gantt Chart

(Source: Self-Created)
The Gantt chart is effective enough for creating several plans that aid in the better
development of an organization (Brčić, M & Mlinarić, 2018). This chart helps provide
all the relevant information about installing InfoSec programs within an organization to
ensure maximum safety and security. For this case, the project charter and research would
take place in the first week as they help form the very basis of the project and its
implementation. Projections and guidelines would be formulated in the second and third
week whereas budget allocation and risk management would take place in the fifth and sixth
week. Over the course of the 7th to 12th-week task such as deciding objectives, deliverables
and performance would take place.

Conclusion

After analyzing the essay, it can be concluded that Information Security Management is
highly important in order to maintain and improve the safety and security within an
organization. The IT and InfoSec team has maximum use in the financial sectors of the UAE,
such as banking and insurance companies. The major objectives of such teams are to
strengthen the existing security systems within the organizations by preventing unauthorized
access to ensure maximum safety. This essay has well discussed the similarities and
differences between SecSDLC and SDLC. The basic principles for these two systems are the
same; however, their activities are different. Further, a Gantt chart has been provided for
implementing the InfoSec program in an organization.
 INFORMATION SECURITY MANAGEMENT 8

Reference List

AuditBoard. (2022, June 6). Auditboard. Retrieved July 6, 2021, from

https://www.auditboard.com/blog/importance-of-information-security-in-

organization/

Brčić, M., & Mlinarić, D. (2018). Tracking predictive Gantt chart for proactive rescheduling
in stochastic resource-constrained project scheduling. Journal of Information and
Organizational Sciences, 42(2), 179-192. https://hrcak.srce.hr/file/310346

De Miguel Aramburu, A. (2020). Vulnerability management in organizations (Master's

thesis, University of Twente).
http://essay.utwente.nl/83694/1/DeMiguelAramburu_MA_EEMCS.pdf

BLi, M., Peng, S., & Liu, L. (2022). How Do Team Cooperative Goals Influence Thriving at
Work: The Mediating Role of Team Time Consensus. International Journal of
Environmental Research and Public Health, 19(9), 5431.
https://www.mdpi.com/1660-4601/19/9/5431/pdf

Uddin, M., Ali, M., & Hassan, M. K. (2020). Cybersecurity hazards and financial system
vulnerability: a synthesis of literature. Risk Management, 22(4), 239-
309.https://www.researchgate.net/profile/Md-Hamid-Uddin/publication/
343724670_Cybersecurity_hazards_and_financial_system_vulnerability_a_synthesis_
of_literature/links/5f59748e299bf1d43cf90811/Cybersecurity-hazards-and-financial-
system-vulnerability-a-synthesis-of-literature.pdf

EMC GLOBAL DATA PROTECTION INDEX. (2014).

https://www.efocus.sk/images/uploads/emc-key-findings-global.pdf