logo

Principles of Information Security

   

Added on  2023-06-11

14 Pages2777 Words403 Views
 | 
 | 
 | 
Running head: PRINCIPLES OF INFORMATION SECURITY
Principles of Information Security
Name of the student:
Name of the university:
Author Note
Principles of Information Security_1

1PRINCIPLES OF INFORMATION SECURITY
Executive summary
The following report suggests an execution plan to deploy an information security model. It has also
demonstrated a strategic analysis to implement the policy for the given company. An Attack Tree
has been shown to secure data against destruction and losses. Further, from the diagram, two of the
attacks are discussed.
Principles of Information Security_2

2PRINCIPLES OF INFORMATION SECURITY
Table of Contents
1. Introduction:......................................................................................................................................3
2. Analyzing the Information Security Foundation:..............................................................................3
2.1. Selecting the sub-domain and area of controls from SOGP 2011:.............................................3
2.2. Policy statements for capturing the above controls:...................................................................4
2.3. Strategic and execution plans to deploy the policies for an organization:.................................4
3. Evaluation of Attack Trees:...............................................................................................................6
4. Conclusion:........................................................................................................................................9
5. References:......................................................................................................................................10
6. Appendix:........................................................................................................................................13
Principles of Information Security_3

3PRINCIPLES OF INFORMATION SECURITY
1. Introduction:
The information security model supports organizations to design the approach to address
information security. Attack trees, on the other hand, are used to understand vulnerabilities and
security risks.
The report has selected the sector of controls from SOGP 2011. Here, policy statements are
developed for capturing above chosen controls. An execution and strategic plan are suggested here
for deploying the policy for the organization.
Further, an attack tree is drawn here for securing data against destruction and stealing. Here
two possible attacks are explained from the depicted Attack Tree.
2. Analyzing the Information Security Foundation:
The Information Security Foundation has created Standards of Good Practice or SOGP. The
model of Information Security has been supporting various companies to design the approach
towards the denoting information security and provide the basis to identify the primary aspects of
programs of information security (Safa, Von Solms & Furnell, 2016). Moreover, it has been
providing insights and various practices if tools and standards are addressing every issue of the
model to aid the business. This is to enhance the environment of information security.
2.1. Selecting the sub-domain and area of controls from SOGP 2011:
SOGP 2011 helps to identify, manage, record and analyze the threats or incidents of
securities in real-time. This has been seeking to provide the comprehensive and robust view of
security issues under IT infrastructure. This has been ranging from identifying active threats to
attempted intrusion and successful compromise or various data breaches (Moody, Siponen &
Principles of Information Security_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents