Posted: July 1st, 2022

Three Levels of Security Compliance

Three Levels of Security Compliance
Killmeyer, Chapter 6, focuses on 3 levels of security compliance. Develop a 3 page paper covering the importance of this topic as it relates to the 3 security compliance levels:
Level One Compliance – the Component Owner – importance and function.
Level Two Compliance – Audit Function – importance and function.
Level Three Compliance – the Security Team – importance and function

Three Levels of Security Compliance
Level One Compliance – the Component Owner – importance and function.
Organizations have individuals and departments responsible for compliance from the lowest point to the highest. Network and application managers are at the lowest level for observing compliance within any network security sector. They play a very important role by enforcing policies, procedures, and standards that govern the network unit. Security compliance is quite sensitive hence the need for coordinators to focus on each department, business model, and location. Through this, the component owners portray their importance as they focus deeply on the business processes alongside IT compliance to ensure that the network is compliant and users can access the network safely. Coordinators are important since they focus on maintaining continued business for organizations through appropriate access (Killmeyer, 2006). Through the roles they play, they can ensure that user security is held sacred as they are responsible for the network and application operation.
The functions of network and application coordinators are many to ensure that appropriate access is maintained. One of the functions includes ensuring that network and application users within departments are aware of security risks and how to respond to security issues. This is a very important function since most computer users are unaware of what user security entails. It is, therefore, vital to train users from the early stages of what is expected of them while on the network. Moreover, these coordinators are expected to monitor the specific employees with access to ensure that their authority is terminated in case they leave the department. Coordinators also partner with security officers to ensure that they work together to combat security-related matters. The physical layer of networks and applications is as important as the logical layer hence the need to include the security personnel on the ground.

Level Two Compliance – Audit Function – importance and function.
The audit function in compliance is important since it captures internal control features to ensure the functionality of an organization while at the same time observing the necessary laws and procedures. Through the audit function, the processes regarded important by the stakeholders, staff, board of directors, and management are considered. Another importance of this level is that it focuses on the risk assessment of the processes that achieve organizational goals. Moreover, the audit layer also employs the act of monitoring activities through supervision (Killmeyer, 2006). This is important to the success of any organization since some employees may decide to deviate from the required standards and procedures. Maintaining the vitality of the audit function gives an organization the certainty it needs to trust its processes confidently. It is also important since it controls how duties are divide, the protection of assets, and the procedures behind authorization. These important aspects maintain the functionality of an organization since the processes are streamlined and rechecked periodically.
Through the auditing of the computer controls, level two compliance can achieve completeness, accuracy, restricted access, and validity of data. Through completeness, audit functions include checking whether the updated files are correct and complete. All records within the organization need to be up to date and saved in case they are needed. The function of accuracy ensures that the data stored within the files resemble the real transactions that took place. Moreover, the function of restricted access grants authority to specified personnel to control the number and level of individuals accessing a file. The aspect of validity ensures that the data stored is relevant to the client it represents. These are the functions that take place during a level two compliance.

Level Three Compliance – the Security Team – importance and function.
The security team is important to compliance as it takes up the responsibility of ensuring that security is upheld all over the organization. They make sure that the security architecture is observed by considering its policies and regulations. This level is also vital to the technological advancement of an organization as it ensures that the changes made following upgrading systems or integration with emerging tech comply with the interconnecting security agreements (ISA). This level is important because it alleviates the burdens of performing a full assessment of an organization. This is because the security team conducts security audits to the components and makes appropriate changes if necessary (Killmeyer, 2006). Hence, the security team suggests the necessary procedures when implementing new technologies based on their assessment of components. This is important since the security team considers both existing and new technology within an organization.
The functions vital to level three compliance involve the security team liaising with level two and one, reviewing results, and investigating security issues. Through collaboration with coordinators and audit functions, the security team can make more informed decisions regarding the compliance of the information system. Moreover, the results given by the coordinators and audits help the security team understand how effective the security controls in place are. This collaboration is improving the function of level three compliance as they decide on the implementation of policies and procedures. Through assessing the results, they may be able to give reason based on the present policies and procedures. The security team is liable for incidents and breaches in security as they are liable to improve the strengths and weaknesses of the system. It is up to the security team to effect the necessary changes that help prevent or mitigate incidents.

References
Killmeyer, J. (2006). Information Security Architecture: An Integral Approach to Security in the Organisation (p.153-159), 2nd ed. CRC Press

Order | Check Discount

Tags: 150-200 words discussion with a scholarly reference, 200-300 words response to classmate discussion question, 250 word analysis essay, bachelor of nursing assignments, case study, essay bishops website