The Need for Investing in Information Security (Essay Sample)

Information Security
Name:
Institution:
Introduction
Building a world-class security center requires the efforts of people, technology, and systematic process. People generate ideas needed in utilizing the advanced technology to enhance information security. The ideas from various technology gurus are brought together and assimilated towards achieving the same goal, below is an elaborate critique of the entire article.
Critique based on the need for investing in information security
The organizations should set aside resources to enhance security for their information. That is because organizations have developed intellectual property that needs proper security measures to prevent hackers from accessing it. The article, however, fails to acknowledge that mobilizing resources might be tricky for most organizations. By recognizing the difficulty involved in resource mobilization, the article should have recognized the role of government in financing the development of world class security operation centers (Ding-Long, Rau & Salvendy, 2010). The intellectual property developed by an organization gives it a competitive edge over its competitors and hence the need to protect it.
Organizations like banking institutions have sensitive information belonging to customers. If such information is not well secured it might be hacked leading to theft through digital money transfer. The article does not explain the sensitivity of clients to information security yet customers are always keen on ensuring that they only deal with organizations that guarantee safety for their confidential information (Hui, Hui & Yue, 2012). That therefore, means that in case the organization loses customer's' confidential information, the clients are likely to shift their loyalty to other organizations they perceive to be safer, and that would negatively affect the market share for the organization, hence the need for organizations to heavily invest in information security.
By investing in information security organizations would be able to detect incidences of security attacks and launch investigations that would lead to mitigation before damage is done to the organization, however the article does not give elaborate information on how that would be achieved. To achieve better security organizations should invest in people, procedures and put the right infrastructure in place. Thus, organizations should put resources in training personnel that would deal with information security. The training should involve the use of sophisticated software and programming languages used by hackers (Hui & Yue, 2012). The training should also involve a series of practical trials to come up with more advanced secure solutions.
Critique based on the need for a clear roadmap
Developing a world-class security operation center requires a clear plan that should be followed systematically. However, the article does not indicate the stakeholders needed in developing the roadmap hence making it hard to achieve the end goal of a world-class security operation center. The article should have indicated the stakeholders required such as senior management and software developers. The advancement in information security crimes is at a high rate and hence a world class security operation center need to be implemented in phases so as to incorporate such challenges in the development of security operation center. The clear roadmap will provide a chance for identifying gaps that need serious attention (Ding-Long, Rau & Salvendy, 2010). The shortcomings identified through a clear plan can then be used as goals to be achieved in enhancing security for organization’s information. The road map is necessary for ensuring that technology and processes are implemented in stages so that the development of security operation center moves in line with the personnel, budget, and cultural constraints. That leaves organizations with enough resources to continue with normal operations.
Critique based on people as a function of the security operation center
For the security operation center to be effective people are required. However, the article does not specify where the people will come from yet external people cannot be trusted to manage confidential information of organizations (Ding-Long, Rau & Salvendy, 2010). That implies that organizations would have to train some of their employees to work on the security operation centers. Drawing employees from their normal duties to manage security functions would also imply that the normal productivity of the organization would be affected.
Critique based on technology as a function of the security operation center
The development of world class security c