Information Security Management: Guidelines for Risk Management and Certification

Added on  2022-11-13

14 pages, 3312 words
Running Head: INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
Name of the Student:
Name of the University:
Author Note:
Information Security Management: Guidelines for Risk Management and Certification_1
Table of Contents
1. Executive Summary...............................................................................................................3
2. Introduction............................................................................................................................4
3. Discussion..............................................................................................................................4
3.1. Guidelines for information security risk management....................................................4
3.2. Guidelines for information security certifications and accreditation..............................8
ISO Certification................................................................................................................9
PCI Compliance.................................................................................................................9
ISM (Information Security Manual)..................................................................................9
IRAP (Information Security Registered Assessors Program)..........................................10
Australian Privacy Principles (APP)................................................................................10
Australian Prudential Regulation Authority (APRA) Standards.....................................10
SOC 2...............................................................................................................................10
SSAE 16 / ISAE 3402 Type II.........................................................................................10
4. Conclusion............................................................................................................................11
5. References............................................................................................................................12
1. Executive Summary
Security of information is an essential part of any organization. Information security, also
known as infosec, is the practice of protecting information by reducing identified information
risks. It is part of information risk management: information risks are identified and, where
they cannot be eliminated entirely, the information is at least protected from unauthorized
access, modification or deletion. The aim of information security is to balance the protection
of institutional data in terms of confidentiality, integrity and availability, popularly known as
the CIA triad (Andress 2014). Information security management refers to the controls an
organization needs over its systems to protect the confidentiality, availability and integrity of
its valuable assets against threats and vulnerabilities. An information security management
system (ISMS) is a set of policies and processes for methodically managing an organization's
data. It aims to protect and manage the large amount of data the organization collects online
as well as offline. This report discusses the information system of OZ dispatch and possible
ways of improving the present system. After estimating the risks, some measures are
suggested to ensure the proper functioning of the organization.
2. Introduction
With the global advance of technology and the internet, security and privacy of data is an
important concern for every individual and every organization. Data theft and data breaches
are increasing at an alarming rate. Protecting personal data is becoming harder every day, and
technologists strive to provide security and risk management guidelines to meet these
challenges. Organizations handle enormous amounts of data, including customers' personal
details and other organizational data, and it is very important to protect this information from
security threats. An information security management system is an effective way to manage
sensitive organizational data and to secure it against cyberattacks (Peltier, 2013). The ISO/IEC
27000 family is a set of standards published by ISO (International Organization for
Standardization); an organization that implements and is independently audited against
ISO/IEC 27001, the certifiable standard in that family, gains a certification that demonstrates
to its customers that its ISMS complies with the standard and is capable of protecting the
critical data of its users (ISO 2019). However, an information security management system
alone is not enough to protect organizational data. Encrypted network connections are
important to reduce the risk of cyberattacks, and firewalls and trusted anti-virus software
should be used to limit the effect of any external threat. Strong Wi-Fi security, such as
WPA2-PSK with AES (Wi-Fi Protected Access II with a pre-shared key and the Advanced
Encryption Standard cipher, CCMP, rather than the older TKIP cipher), should be maintained,
and all systems should be kept up to date with the latest operating system version and patches
(Alblwi and Shujaee 2017). This report discusses guidelines for information security risk
management and for the certification and accreditation of information security. It also
discusses how to build an effective information security risk management program. Lastly,
some recommendations are made to reduce the likelihood of data breaches.
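The Wi-Fi baseline named above (WPA2 only, pre-shared key, AES/CCMP rather than TKIP) can be checked mechanically on an access point running hostapd. The following script is an added example and is not part of the original report: it parses a hostapd.conf and reports every deviation from that baseline. The option names (wpa, wpa_pairwise, rsn_pairwise, wpa_key_mgmt, wpa_passphrase, wpa_psk, ieee80211w) are hostapd's own; the two sample configurations are constructed for illustration, and the 16-character minimum passphrase length is an assumed local policy, not a hostapd requirement (hostapd itself accepts 8 to 63 characters).

```python
"""Audit a hostapd.conf against the WPA2-PSK + AES/CCMP baseline.

Added example, not code from the original report. The option names are the
real hostapd ones; the two configurations below are constructed samples and
MIN_PASSPHRASE_LEN is an assumed local policy (hostapd accepts 8-63 chars).
"""
from typing import Dict, List

# Constructed weak sample: WPA1 still permitted, TKIP cipher, short passphrase, no PMF.
WEAK_CONF = """\
interface=wlan0
ssid=OZ-Dispatch-Office
wpa=3
wpa_passphrase=password1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

# Constructed hardened sample: WPA2 (RSN) only, CCMP/AES only, long passphrase, PMF required.
HARDENED_CONF = """\
interface=wlan0
ssid=OZ-Dispatch-Office
wpa=2
wpa_passphrase=Long-random-office-passphrase-2019!
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
"""

MIN_PASSPHRASE_LEN = 16  # assumed local policy, stricter than hostapd's minimum of 8


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse hostapd's key=value format; blank lines and '#' comments are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_wifi(conf: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the config meets the baseline."""
    findings: List[str] = []

    # wpa is a bitfield: 1 = WPA (TKIP era), 2 = WPA2/RSN, 3 = both. Only 2 is acceptable.
    wpa = conf.get("wpa", "0")
    if wpa != "2":
        findings.append(f"wpa={wpa}: WPA2/RSN must be the only enabled protocol (set wpa=2)")

    # rsn_pairwise governs WPA2; when unset, hostapd falls back to wpa_pairwise.
    pairwise = conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "")
    ciphers = set(pairwise.split())
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher enabled: remove it and keep CCMP only")
    if "CCMP" not in ciphers:
        findings.append("CCMP (AES) pairwise cipher not enabled")

    # A raw 64-hex wpa_psk replaces the passphrase; otherwise apply the length policy.
    if "wpa_psk" not in conf:
        passphrase = conf.get("wpa_passphrase", "")
        if len(passphrase) < MIN_PASSPHRASE_LEN:
            findings.append(
                f"wpa_passphrase is {len(passphrase)} chars; policy requires at least "
                f"{MIN_PASSPHRASE_LEN}"
            )

    # ieee80211w: 0 = management frame protection off (hostapd default), 1 = optional, 2 = required.
    if conf.get("ieee80211w", "0") != "2":
        findings.append("ieee80211w != 2: protected management frames not required")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        issues = audit_wifi(parse_hostapd(text))
        print(f"{name}: {'OK' if not issues else str(len(issues)) + ' finding(s)'}")
        for issue in issues:
            print("  -", issue)
```

Run against a real access point, the same check can be fed the contents of /etc/hostapd/hostapd.conf; the weak sample above produces five findings, the hardened one none. Requiring protected management frames (ieee80211w=2) goes slightly beyond the WPA2-PSK-AES wording in the text, but it is what a practitioner would add to resist deauthentication attacks on the office network.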

End of preview