
Implementing a streamlined information assurance and cyber security program

Introduction
The 21st century continues to witness the introduction and adoption of different technological
innovations that enhance the operations of businesses and organizations across the globe. One
of the industries that continues to experience rapid development of technological solutions is
the computing industry, in particular information assurance and cyber security, the
technology behind managing security. Arguably, numerous security management
solutions have been developed and deployed for both individual and business use. In this
case, various security management solutions play a critical role in the sharing of information,
thus enhancing business processes in the contemporary corporate world. Nonetheless, there
are various risks that emerge when using these solutions, which undermine their benefits.
Therefore, this paper will focus on how to implement a streamlined information assurance
and cyber security program in an organization.
Statement of the problem
As mentioned earlier, security management solutions are critical in boosting the competitive
capability of businesses and organizations across the globe. However, there are numerous
challenges that arise because of these solutions. Arguably, studies show that there is a
considerable increase in cases of cyber security issues across the globe. Consequently,
businesses, organizations and individuals are at risk of losing vital information such as patent
rights, credit card information and other personal information to criminals, black hat
hackers, and anyone else with malicious intent who is involved in these criminal activities.
Cybercrime and data loss are a direct result of weak boundary defence mechanisms and the
lack of governing security policies in organizations. A good portion of these security threats
occur as a result of the lack of a comprehensive enterprise security management program.

Therefore, this paper will focus on how to develop and implement a comprehensive
information assurance program as a way of assessing and properly mitigating security threats.
Objectives of the Study
This study aims to establish ways of implementing streamlined security management
programs for businesses and organizations to reduce IT security risks. This study will
analyse the steps that are involved in creating and implementing a viable enterprise
information security and engineering management program. With this in mind, the study will
focus on ways of conducting security audits, risk assessment, security policy review,
hardware security engineering, and security consulting procedures to determine the current
position of the organization with regard to information assurance, as well as security audits to
establish whether the new system that has been implemented is sufficient to address IT
security risks. The study will also examine policies and guidelines for ensuring that
information assurance is able to deal with the IT security challenges. Finally, the study will
conduct a technical review of both the software and hardware that are
needed to ensure successful implementation of cyber security practices within an
organization. The study will also present viable procedures that explain the technical reviews
of both hardware and software.
Study questions
There are various questions that this study will seek to address. These include the following:
1. What issues should businesses and organizations consider when implementing
information assurance and cyber security programs?
2. What are the prerequisites of a reliable information assurance program?

Literature review
There are numerous researchers and scholars who have conducted studies on information
assurance. To begin with, Blyth and Kovacich (2006) focused on information security.
Blyth and Kovacich (2006) emphasize that organizations need to take information
security seriously and, as such, develop models and frameworks that will ensure that vital data
and information are secure. Similarly, Chou (2011) explores the issue of information assurance
from the perspective of information security threats and offers different approaches that could
help minimize these risks. Qian, Tipper, Krishnamurthy and Joshi (2010) agree with Chou
(2011) that there is an increase in security threats in information assurance. As such, Qian,
Tipper, Krishnamurthy and Joshi (2010) propose that there is a need to develop different
security frameworks to tackle IT security threats. Importantly, most of these researchers, including Rao,
Gupta and Upadhyaya (2007) and Rao and Upadhyaya (2009), among others, agree that there
are numerous information security threats that need to be tackled using information assurance
frameworks.
Methodology
This paper will use a qualitative approach as opposed to a quantitative approach to carry out
the research. Therefore, the study will rely heavily on my personal experiences in dealing
with enterprise security management programs, and on numerous research studies that
have been conducted in the past on the subject. The research will identify and use primary
research as the key data source. Importantly, the paper will use a deductive approach as
opposed to an inductive approach to gather information for the purposes of this research. The
paper will first focus on known facts about the topic before addressing issues that are
unknown or less researched concerning this topic. Essentially, the research will
focus on key areas, among them security audit, technical review, and policy and guidelines, all
with respect to information assurance and cyber security.

Reference List
Blyth, A., & Kovacich, G. L. (2006). Information assurance: security in the information
environment. New York: Springer.
Chou, T. (2011). Information assurance and security technologies for risk assessment and
threat management: advances. Hershey, PA: Idea Group Inc. (IGI).
Qian, Y., Tipper, D., Krishnamurthy, P., & Joshi, J. (2010). Information assurance:
dependability and security in networked systems. Burlington, MA: Morgan
Kaufmann.
Rao, H. R., & Upadhyaya, S. (2009). Information Assurance, Security and Privacy Services.
Bingley, UK: Emerald Group Publishing.
Rao, H. R., Gupta, M., & Upadhyaya, S. (2007). Managing information assurance in
financial services. Hershey, PA: Idea Group Inc. (IGI).
