IT Security Policy Framework Essay - 837 Words

Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to insure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses. The ISO/IEC 27000-series consist of information security standards published jointly by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC). In accordance with ISO/IEC 2700, we begin to define the guidelines to support the interpretation and implementation of information†¦show more content†¦The first challenge is in the user domain. We must train our employees to ensure they are aware of the security policies. Employees need to understand the policies and how it aligns with business goals and mission statement. Another challenge i n this area is handling of sensitive information and non-public customer identifying information. In order to be compliant we must have a training program in place that is in line with the regulations. In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information. In addition to the threats and vulnerabilities inherited with wired local area networks (LAN) there are many more risks associated with the use of wireless and mobile technologies. The use of laptops, smartphones, and tablets create vulnerabilities that can fall outside our network securitie s measure. Attackers will be able to bypass the firewalls and gain direct access to the doctor’s data. Once an intruder has access to the network the intruder will be able to launch denial of serviceShow MoreRelatedSecurity Policy Framework2443 Words   |  10 PagesInformation Security Policy Framework Information Security Policy Framework Information Security Policy Framework For the healthcare industry it is important to have an Information Security Policy Framework within the organization to protect information that is accessed across the network by staff personnel and patients. In accordance with ISO/IEC 27799:2008, we begin to define the guidelines to support the interpretation and implementationRead MoreSecurity Policy Framework For Creating A Security Program1989 Words   |  8 Pageseffective IT security policy framework to creating a security program to meet the needs of the organization to protect information and their information systems. There are many security frameworks that can be used to design an IT security program such as NIST and COBIT being a few. It is very important to establishing compliance of IT security controls with U.S. laws and regulation. The organization can align the policies and controls with the regulations. There are seven domain in the framework and eachRead MorePolicy Framework : Management Of Information Security889 Words   |  4 PagesPolicy Framework Management of Information Security †¢ At board level, responsibility for Information Security shall reside with the Head of ICT. †¢ The managers shall be responsible for enforcing, implementing, monitoring, documenting and communicating security policy requirements for the company. †¢ All staff, permanent or temporary, and third party contractors must be aware of the information security procedures and comply. Information Security Training †¢ Information security training shall beRead MoreIs4550 Week 5 Lab1611 Words   |  7 Pagesand Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * IdentifyRead MoreU.s. Department Of Homeland Security1668 Words   |  7 Pages1. Purpose Among one of the missions of The U.S. Department of Homeland Security is to protect and preserve the security of the Cyberspace in the country. The principal objective of this Security Plan is to give instructions and direction for the Department’s workers and help the Homeland Security to create best practices and strategies in the IT security system. 2. Scope This policy needs to be applied to all users, employees, contractors, suppliers and to all IT resources such as e-mails, filesRead MoreRecommending a COBIT-Based IT Security Framework for a Midsize Organization1243 Words   |  5 PagesCOBIT-Based IT Security Framework for a Midsize Organization The current objective is to provide the medium sized insurance organization with the most effective draft of and IT security policy framework. In reviewing the literature, it is clear that recent implementations of a COBIT model have proven incredibly successful in keeping with an efficient and productive organizational IT structure. As such, it is recommended that COBIT serve as a primary model for the foundation of the proposed IT security policyRead MoreNational Cybersecurity Policies And Regulations Essay1255 Words   |  6 Pagesat home. The foundation of any mandated cybersecurity strategies that secure our nation national security must incorporate worldwide or state local threats whether targeted toward the federal government or the private sector forces. The OPM breach highlighted the insufficient and inconsistence security approaches the federal government has already used in modernizing the existing cybersecurity policies. There is a requirement for the United States gover nment to institute polices that would incorporateRead MoreComparisons of Information Security Management Frameworks Essay712 Words   |  3 PagesComparisons of Information Security Management Frameworks Module 1 Case Assignment ITM517: Information Security Overview for Managers and Policy Makers Dr. Kiet Tuan Tran October 20, 2012 Introduction For businesses to keep pace with the latest technology, threats and to remain in compliance with current and future regulations or policies need to have effective management of information security in their organization. Information Security Management Frameworks are based on existingRead MoreThe Function, Motivation And Purpose Of The Nist Cybersecurity Framework845 Words   |  4 PagesDescribe the function, motivation and purpose of the NIST Cybersecurity Framework (CSF) (10 points). Describe in detail the five components of the CSF core (20 points). Explain why it is important for network security engineers to be aware of the CSF and similar security industry related disciplines (3 points). Motivation: If we consider any nation, its most vulnerable if its financial and economic security is compromised. Cyber security has a profound impact on a nation by making it susceptible to outsideRead MoreImplementation Of The Planwise Au Information Security Policy824 Words   |  4 PagesPlanwise AU Information Security Policy is to ensure we maintain the confidentiality, integrity and availability our information, including customer information. This is because our information that can be accessed by employees, contractors, external parties and customers must be protected from inappropriate use, modification, loss or disclosure. This policy is guided by the ISO/IEC 27002:2013 Information technology - Security techniques -Code of practice for information security controls and sets out