In order to determine the safety of data from potential violations and cyber-attacks, the implementation of the security model has an important phase to be carried out. In order to ensure the integrity of the security model can be designed using two methods:
1. Bottom-Up Approach:
The company’s security model is applied by system administrators or people who are working in network security or as cyber-engineers. The main idea behind this approach is for individuals working in this field of information systems to use their knowledge and experience in cybersecurity to guarantee the design of a highly secure information security model.
- Key Advantages –
An individual’s technical expertise in their field ensures that every system vulnerability is addressed and that the security model is able to counter any potential threats possible.
- Disadvantage –
Due to the lack of cooperation between senior managers and relevant directives, it is often not suitable for the requirements and strategies of the organisation.
2. Top-Down Approach:
This type of approach is initialized and initiated by the executives of the organization.
- They formulate policies and outline the procedures to be followed.
- Determine the project’s priorities and expected results
- Determine liability for every action needed
It is more likely to succeed. That strategy usually provides strong support from top management by committing resources, a consistent preparation and execution mechanism and opportunities to affect corporate culture.
Security management issues have been handled by organizations in various ways. Traditionally, companies adopted a bottom-up approach, where the process is initiated by operational employees and their results are subsequently propagated to upper management as per the proposed policies. Since management has no information about the threat, the effects, the idea of resources, possible returns and the security method, this approach has occasionally created a sudden and violent collapse.
On the contrary, the top-down approach is a highly successful reverse view of the whole issue. Management understands the gravity and starts the process, which is subsequently collected systematically from cyber engineers and operating personnel.
GeeksforGeeks has prepared a complete interview preparation course with premium videos, theory, practice problems, TA support and many more features. Please refer Placement 100 for details
- Difference between Cyber Security and Information Security
- Difference between Information Security and Network Security
- Principal of Information System Security : Security System Development Life Cycle
- What is Information Security?
- Need Of Information Security
- Availability in Information Security
- Information System and Security
- Vulnerabilities in Information Security
- Information Security | Confidentiality
- Information Security | Integrity
- Threats to Information Security
- Digital Forensics in Information Security
- Principle of Information System Security
- Information Security and Cyber Laws
- Information Security and Computer Forensics
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.