IS managers are charged with the security state of the organization. Like the war-fighter, IS managers must rely on computer and network systems to provide real-time data about cyber threats, which affect their organization’s security posture, in order to make decisions regarding managing the security risk. However, IS managers face many challenges in achieving clear awareness of their organization’s security state. They must balance the workforce’s capacity to comply with frequent security advisories and reporting requirements; conduct continuous hardware and software upgrades; and respond to threats. One problem is that organizations treat different aspects of cyber security such as asset management; configuration management; intrusion prevention; vulnerability management; certification and accreditation (C&A); and incident detection and response as isolated processes that are not …
The first step is certification, a process in which information security managers provide supporting data and evidence for security assurance. To do so, information security managers must conduct a comprehensive assessment of information systems, determining the extent to which security controls are implemented correctly and are operating as intended. Managers will also ensure that devices or systems are configured appropriately to enhance the overall security posture. Lastly, they will update or fix any software vulnerabilities before the certification package is forwarded to the next approval