
Importance of Standard of Good Practice for Information Security in Organizations

   

Added on  2022-11-22

19 Pages | 3399 Words | 99 Views
Running head: PRINCIPLES OF INFORMATION SECURITY
PRINCIPLES OF INFORMATION SECURITY
Name of the Student:
Name of the University:
Author Note:

Executive Summary
The main purpose of this report is to show the importance of the Standard of Good Practice
for Information Security to an organization. The policies, or domains, of these practices play
an important role for the organization. The data or information of an organization should be
properly secured so that it does not face attack from the external environment. The report
mainly deals with the proper implementation of the policies in an organization. Lastly, the report
concludes that the effective way for an organization to achieve its business goal is to
employ the Standard of Good Practice in the organization.

Table of Contents
Introduction
Security Management
  Policies
  Implementation of the policies
Attack tree:
  Phishing attack
  Computer Virus
Legal act in Sri Lanka relating the technology
Conclusion
Appendixes
  Appendix 1
  Appendix 2
  Appendix 3
References

Introduction
The Standard of Good Practice for Information Security was established by the ISF
(Information Security Foundation) in 2011. It is a business-focused, comprehensive and
practical guide for determining and handling the information security risks associated with a
company and its supply chains. It deals with the various information-related risks of an organization.
It covers a wide area of an organization, such as cybercrime attacks, spreadsheets, databases, office
equipment and consumer equipment. The main areas, or domains, of the Standard of Good
Practice for Information Security are Security Management, Critical Business Applications,
Computer Installations, Networks, System Development and End User Environment. The
selected domain for this report is the Security Management of an organization. The report
focuses on the policy statements related to the selected domain, the attack tree of an
organization and a legal act established by the Sri Lankan government associated with
technology. Information plays an important role in any type of business. Thus, it should be
secured so that an attacker cannot access the information of the company and cannot
misuse or destroy it. The report describes the policy statements to
secure the information of an organization, the method for implementing such policies in the
organization, the attack trees of an organization and, lastly, a legal act developed by the Sri Lankan
government to avoid technology-related attacks.
Security Management
The selected domain of the Good Practice for Information Security is the security management of
the organization. While legislatures pass corporate governance laws, businesses are losing
more of the guarantees which are protected by their vendors or the partners against the vulnerable