To protect data from potential violations and cyber-attacks, implementing the security model is an important phase to carry out. To ensure its integrity, the security model can be designed using two methods:
1. Bottom-Up Approach:
The company’s security model is applied by system administrators or people who are working in network security or as cyber-engineers. The main idea behind this approach is for individuals working in this field of information systems to use their knowledge and experience in cybersecurity to guarantee the design of a highly secure information security model.
- Key Advantages –
An individual’s technical expertise in their field ensures that every system vulnerability is addressed and that the security model is able to counter any potential threats.
- Disadvantage –
Because of the lack of cooperation from senior managers and of relevant directives, the resulting model is often not suited to the requirements and strategies of the organisation.
2. Top-Down Approach:
This type of approach is initiated by the executives of the organization.
- They formulate policies and outline the procedures to be followed.
- They determine the project’s priorities and expected results.
- They determine liability for every action needed.
This approach is more likely to succeed. It usually has strong support from top management, which commits resources, and it provides a consistent preparation and execution mechanism and opportunities to affect corporate culture.
Security management issues have been handled by organizations in various ways. Traditionally, companies adopted a bottom-up approach, where the process is initiated by operational employees and their results are subsequently propagated to upper management as per the proposed policies. Because management has no information about the threat, its effects, the resources involved, the possible returns and the security method, this approach has occasionally ended in a sudden and violent collapse.
In contrast, the top-down approach is a highly successful reverse view of the whole issue. Management understands the gravity of the issue and starts the process, with input subsequently collected systematically from cyber engineers and operating personnel.