What are the functions of security?

Page Menu

Information Security Mission

The mission of Information Security is to design, implement and maintain an information security program that protects the Medical School's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The Information Security Department is committed to engaging the Medical Schhol community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Information Security Approach

• Foster a culture of empowerment, accountability and continuous improvement
• Demonstrate a consistent Information Security and Compliance message through effective communication and partnerships
• Prioritize information assets and processes
• Strive to influence positive and meaningful change within IT and UMass Chan as a whole
• Identify and prioritize risks
• Implement foundational security controls across key assets
• Build a targeted security capability model
• Develop the security improvement roadmap
• Ensure governance and organization engagement

Information Security Scope

• Protect the assets of the Medical School through secure design, operations and management governance
• Align work and work products within UMass Chan-relevant laws, regulations and requirements
• Apply a risk-based approach to our security design, guidance and decisions
• Continuously safeguard against current and potential threats

Information Security Importance

The importance of a proactive Information Security team is to provide the framework for keeping sensitive data confidential and available for authorized use while building effective relationships with our business and IT partners.

Information Security Principles and Goals

• Protecting the confidentiality of data
• Preserving the integrity of data
• Promote the availability of data for authorized use
• Proactively identify risks and propose viable mitigation steps
• Cultivate a proactive risk management culture
• Implement "best practice" threat management strategies and processes to reduce threats 

The Controls Framework

• Policy Development
• Security Awareness
• Internal Risk Assessments
• Third-party Risk Assessments
• Risk Remediation Support
• Secure SDLC
• Record retention schedule management
• SOC 2 Facilitation
• Threat protection & monitoring
• Malware detection (ePO)
• Threat correlation & reporting
• Incident response
• Computer forensics
• Vulnerability management
• Application scanning
• Penetration testing
• Campus & industry threat collaboration
• Security training administration

Legislative, regulatory, contractual requirements and other policy-related requirements -Information Security works closely with several departments, including the Office of Management (OOM) and Institutional Review Board (IRB) to ensure that sensitive information is appropriately protected. 

• Privacy & Compliance liaison
• UMass President's Office & UMass Chan Legal liaison
• Subpoena and Public records requests support
• Internal and External Audit participation and response
• Regulatory guidance and direction
• HIPAA Analysis / Assessment Security Oversight
• IRB Support

To learn more about Privacy, please visit the UMass Chan Privacy page.

An organization’s security officer must have complete knowledge of the global standards that are enacted to ensure better security of an organization’s assets. Therefore, the duties of a security officer are manifold. He should devise the security program of the company, plan and develop the security information of the company, monitor security concerns, and developing a workforce that is competent and capable enough to keep abreast of security issues. And he should carry out risk analysis at stipulated periods and appropriate time intervals.

Few of the responsibilities of a security officer are to implement modern and up-to-date electronic devices to reduce and eliminate security threats, enforce and implement security controls, carrying out investigations regarding breach of security, carrying out investigations into perceived causes of losses and reasons thereof, investigating into occurrences of theft, hiring and training competent personnel, monitoring and maintaining alertness over unusual activities and movements, and streamlining the entire security system, etc.

Implementation of Security Functions

The toughest part of an effective security program lies in implementation. Although many standards on information security have been evolved over past few years, not all these remain applicable for an organization, as standards are only general guidelines intended to guide conduct. Effective implementation of security standards and functions requires a devoted effort on part of management down to the workers and end-users. To implement these functions and standards, the problems and concerns which organizations face should be identified, the cost-benefit analysis conducted, the repercussions that implementation would have on the operations of the organization, and evaluating the steps that would be most appropriate in the particular circumstances. The security program must be directed towards striking a balance of security, functional and user requirements, and this balance will determine the success of the implementation process.

Conclusion

Thus, it can be safely concluded that security plays an important role in protecting an organization’s assets. But since no one function can ensure an effective and complete security, organizations must develop a complete and comprehensive security program that provides for all the security threats and also provides for alternative steps, in case one step is impracticable to implement. Therefore, it follows that all parties should be participated in devising security measures, up from senior management, down to IT professionals and users, that should contribute towards providing security to the organization’s assets. Full cooperation towards the security of an organization, both internal and external, is the factor that will mark its success.

It could be very easy if you had asked someone to help me write my paper and then actually someone could do it for you. Being a student, you are supposed to write a number of papers but it would not feel good to request one of your friends to help you out since they might be occupied themselves. You could have the same feeling for others if they ask you for help. Actually it is pretty weird.

What are the three main functions of a security personnel?

What is the function of security and protection?

What is the main function of a security officer?