Saturday, May 18, 2019
Information Security Overview Essay
In this paper I will be discussing some of the benefits of having frameworks for information security management: what each of the frameworks for information security is, with their pros and their cons; which major perspectives to consider in information security management and framework choice; and what organizational factors should be considered in framework choice. I will also attempt to come up with a framework for information security.

Some of the benefits of having frameworks for information security management are that they serve as a common ground for integrating all types of information security functions. They also help answer the question of how to react to information security issues, as well as helping identify the key components involved in building and maintaining information security initiatives, since our information faces more potential security breaches than ever before (Ma, Schmidt, Pearson, 2009 p. 58).

The information security frameworks are the following:
- Governance frameworks
- Security standard frameworks
- Risk management and risk assessment frameworks
- Audit and assurance frameworks
- Legal and regulatory frameworks

The governance framework is truly important because it gives us a road map for the application, evaluation and improvement of information security practices (Information Security Governance: Toward a Framework for Action). This framework includes legislation, regulations, corporate structure, corporate culture and the importance of information security to the organization. It also acts as a mechanism to deliver value, manage performance and mitigate risk. Another important fact about this framework is that it gives us a way to assign accountability for each decision and performance. It ensures that policies, procedures, management and other related management techniques are all working hand in hand to achieve the organization's goals.
There aren't many documents that define the roles, tasks and responsibilities of different senior members of an organization; just like in any other successful practice, support from senior management is needed, and FISMA clarifies how that support has to be given. Some of the pros that governance frameworks bring to the table are as follows: it helps align technology with business goals, it provides a framework for measuring and managing IS performance, it facilitates compliance with external legislation and regulations, and last but not least, it helps ensure valuable technology solutions are delivered on time and on budget.

The security standard framework consists of various guidelines, standards and regulations; FISMA, NIST 800-39 and HIPAA stand out to me. Each of these covers a wide range of needs that have to be followed in order to achieve a successful security framework. While FISMA is a broader regulation that covers many government related issues, it still provides a good understanding of the categories of responsibilities. NIST 800-39 delves into different risk management issues, which will be highlighted as I continue this research.

Information security planning or strategy should be aligned with business objectives (Peltier, 2003 p. 22). According to NIST 800-39, risk management is a comprehensive process that requires organizations to frame risk, i.e. establish the context for risk-based decisions, assess risk, respond to risk once determined, and monitor risk on an ongoing basis. This framework is a fundamental requirement to which senior leaders and executives need to be committed. There are many organizational risks; some of these are program management risk, investment risk, legal liability risk and security. Information systems are also critical to the success of organizations in achieving their objectives and strategic goals (NIST 800-39 p. 2).
Some of the pros of risk management frameworks are a) reducing the risk to an acceptable level if the risk cannot be eliminated, so that the organization is still able to function safely, and b) risk can be transferred by using insurance policies, ensuring that the company's assets are protected from theft or destruction.

Audit and assurance frameworks include assessing and comparing what is actually happening in an organization against what is supposed to be happening. Auditors can also be called in to assess compliance with corporate security policies, standards, procedures and guidelines, sometimes as contractual commitments, either as a specific audit or simply in the course of a routine audit assignment.

Legal and regulatory frameworks ensure that organizations are abiding by the requirements given by the different regulations like FISMA, HIPAA and others. Failure to comply with the standards listed in these and other regulations can affect organizations in various ways, ranging from fines to jail time depending on the severity of the violation and the state where the violation is being committed. Some of the pros of this framework are that organizations will be more apt to follow what is required of them, all the while protecting not only the customers' sensitive information but also the employees' vital information.

Some of the cons of these frameworks: "A secure system is one that does what it's supposed to" (Eugene Spafford). There is no way to ensure that all systems have the same state of security, because not all systems do the same things. Therefore each individual organization or user must choose what type of security is important. In some cases security clashes with itself: controls that might enhance confidentiality don't necessarily support integrity. With all the time it takes to control integrity and confidentiality and how complex they each are, availability is impacted.
It does not come as a surprise that it is impossible to create a common checklist of items which, once implemented, will guarantee security. Security risks aren't necessarily measurable, since the frequencies and impacts of future incidents depend on many different things that tend to be out of our control. If we don't know what skills whoever is attempting to intrude on or hack our systems is working with, it would be difficult to fight it, let alone predict it. Contrary to what some might believe, according to BOA's Smith, senior management is not the biggest hindrance to better security. Rather, middle management might represent one of the largest challenges, because they impact the organization daily. Many organizations find it difficult to remain in compliance with different government laws and regulations like the Sarbanes-Oxley Act and HIPAA, in addition to the Payment Card Industry Data Security Standards. It does not help that there is a scarcity of security professionals who have the technical and engineering skills, know how to explain the risks/rewards and the trade-offs, and can sell solutions within the organization.

When choosing a framework in information security management we have to keep in mind different factors in order to have a successful framework. One of these factors is the goals of the organization: we have to establish the information security objectives, and these should be strategic, organizationally focused and made by executive-level management, since they have a better grasp of the whole business's goals and limitations. We also have to be aware of the fact that organizational goals, structure and information security management strategy have to change as different environmental factors like technology, business and legislation frequently evolve. Another important factor is the culture of the organization, which needs to be the same for everyone involved, from the CISO to the administrative assistant.
After all the extensive reading, my framework would have a continuous risk management and risk assessment framework, and security controls that align perfectly with the goals of the business and the culture of not only the organization but the entire workforce. I would achieve this by implementing quarterly training on the importance of ISM and how it affects everyone involved. I believe that everyone should be kept informed as to what our IS goals are by showing them how we have failed or succeeded. In the event that we have failed, we can have the employees propose how we can make it better. When we involve everyone affected, they will take it more seriously.

There are different types of frameworks that make up the information security management framework. They address the needs for a functional ISM framework and outline the obligations of those in an organization while providing the standards, guidelines, legislation and regulations they all have to abide by, and they show how the lack of a proper framework can affect those in the organization.

References

Ma, Q., Schmidt, M., & Pearson, J. (2009). An integrated framework for information security management. Review of Business.

Dempsey, K., Chawla, N., Johnston, R., Jones, A., Orebaugh, A., Scholl, M., Stine, K., & Johnson, A. U.S. Department of Commerce, National Institute of Standards and Technology. (2001). Information security continuous monitoring for federal information systems and organizations (800-137). Gaithersburg, MD.

D. Smith (Johnson, M., & Goetz, E. (2007). Embedding information security into the organization. 17.)

Eugene Spafford. (I'm sorry, but I lost the article where I got his quote from.)