Source: freecodecamp.org
Examining network components from an information security perspective provides a structured approach to implementing security technology that companies can support with their resources for maximum benefit compared to the systems development perspective. From an information security perspective, the first decision a company needs to make is whether to implement a bottom-up or a top-down approach. The bottom-up approach involves a grassroots strategy implemented by the employees within a company. Studies show that a top-down approach, one that is implemented by upper management, has a stronger impact on its ability to function within an organization. The top-down approach gives upper management the ability to inform others within a company of the policies and procedures required to promote effective cybersecurity. The major difference between the information security perspective and the systems development perspective is that the former represents the stronger approach due to its commitment to starting with policies and procedures.
The systems development perspective includes the following:
Investigation - Determining what problem the system is being developed to solve and conducting an initial cost-benefit analysis of the project.
Analysis - Interpreting the investigative information and assessing the organization’s current systems and proposed solutions.
Logical Design - Represents the blueprint for the solution, and turns the analysis information into specific objectives for providing security.
Physical Design - Deciding whether the solution will be developed in-house or purchased from a vendor, and presenting the solution for management’s approval.
Implementation - Any needed software is created and components are purchased for testing. Authorized staff perform a feasibility analysis and submit the system for review by upper management.
Maintenance and Change - The finished solution continues to receive support from technical staff in order to maintain a functional system. The solution is continually monitored and supported for possible upgrades within the system.
Once an organization has developed its information security policies and standards, information security professionals can begin the process of creating a blueprint for the proposed solution. After the information security team has analyzed the organization’s information assets and potential threats, they conduct quantitative and qualitative analyses, feasibility studies, and cost-benefit analyses. Security professionals then adopt an information security model to implement, chosen for its previous success at other organizations. When upper management adopts an information security perspective, they have a greater chance of successfully implementing a security solution that complies with the organization’s policies and standards while remaining within budget.