In order to determine the safety of data from potential violations and cyber-attacks, the implementation of the security model has an important phase to be carried out. In order to ensure the integrity of the security model can be designed using two methods:
1. Bottom-Up Approach:
The company’s security model is applied by system administrators or people who are working in network security or as cyber-engineers. The main idea behind this approach is for individuals working in this field of information systems to use their knowledge and experience in cybersecurity to guarantee the design of a highly secure information security model.
- Key Advantages –
An individual’s technical expertise in their field ensures that every system vulnerability is addressed and that the security model is able to counter any potential threats possible.
- Disadvantage –
Due to the lack of cooperation between senior managers and relevant directives, it is often not suitable for the requirements and strategies of the organisation.
2. Top-Down Approach:
This type of approach is initialized and initiated by the executives of the organization.
- They formulate policies and outline the procedures to be followed.
- Determine the project’s priorities and expected results
- Determine liability for every action needed
It is more likely to succeed. That strategy usually provides strong support from top management by committing resources, a consistent preparation and execution mechanism and opportunities to affect corporate culture.
Security management issues have been handled by organizations in various ways. Traditionally, companies adopted a bottom-up approach, where the process is initiated by operational employees and their results are subsequently propagated to upper management as per the proposed policies. Since management has no information about the threat, the effects, the idea of resources, possible returns and the security method, this approach has occasionally created a sudden and violent collapse.
On the contrary, the top-down approach is a highly successful reverse view of the whole issue. Management understands the gravity and starts the process, which is subsequently collected systematically from cyber engineers and operating personnel.