Book contents
- Frontmatter
- Contents
- List of illustrations
- Acronyms
- Foreword
- Foreword
- Acknowledgements
- Preface and overview
- 1 General orientation
- 2 Concepts in security information management
- 3 Security information management in practice
- 4 The need for a theoretical framework
- 5 Security information management model
- 6 Security information management process
- 7 Summary
- Bibliography
- Index
5 - Security information management model
Published online by Cambridge University Press: 11 November 2021
- Frontmatter
- Contents
- List of illustrations
- Acronyms
- Foreword
- Foreword
- Acknowledgements
- Preface and overview
- 1 General orientation
- 2 Concepts in security information management
- 3 Security information management in practice
- 4 The need for a theoretical framework
- 5 Security information management model
- 6 Security information management process
- 7 Summary
- Bibliography
- Index
Summary
OBJECTIVES
• Discuss the problems that gave rise to a security information management model.
• Reconstruct the model for the collection and analysis of security information and the mitigation of security risks.
• Apply the model for the management of security information, describing each stage.
• Formulate a policy framework for the management of security information.
INTRODUCTION
Security information collection first emerged in the mid-1950s. From then onwards the extent, complexity and detail of security information collection, analysis, interpretation and utilisation changed dramatically and developed in many different ways. These changes and developments in the field of security management, gave rise to the design and development of a security information management model (SIMM). All stakeholders in an organisation need to be informed of these changes and developments, in order to ensure that they are aware of the importance and impact of security information in their overall work environment. Contextually, security management will derive the most significant benefits from the SIMM, which should be integrated into the organisations’ existing functional processes. Security information management should be seen as part of the existing functional processes of an organisation. Incidents, threats and vulnerabilities have the potential to affect an organisation's assets negatively. Information on these incidents, threats and vulnerabilities are important to security. It is therefore necessary for this security information to be managed effectively and efficiently, so that correct decisions can be made on the implementation of security risk control measures. A SIMM is important for the management of security information. This chapter will discuss the design and development of the SIMM.
DEVELOPMENT OF A SECURITY INFORMATION MANAGEMENT MODEL
No specific SIMM currently exists for the collection and analysis of security information on security incidents, threats and vulnerabilities, and for the implementation of appropriate security risk control measures to reduce crime, increase detection rates and prevent losses in organisations.
Justification for the Model
Collection of security information
According to the respondents, no policy framework exists for the collection of security information. In general, security information is not collected according to the threats and vulnerabilities confronting an organisation. Most of the information is randomly collected by security managers, investigators and supervisors. This type of collection is done mainly by using technical and human methods.
- Type
- Chapter
- Information
- Managing Security InformationIncidents, Threats & Vulnerabilities, pp. 61 - 87Publisher: University of South AfricaPrint publication year: 2018