
Information Security Management Plan

   

Added on  2020-03-04

24 Pages | 4363 Words | 67 Views
Running head: STRATEGIC INFORMATION SECURITY

Strategic Information Security

Name of the Student

Name of the University

Author’s note

Executive Summary

Organisations all over the world should understand that they must implement information security on their premises for good. Norwood Systems has been chosen for this report. The managerial role in information security is described in detail. The key characteristics of information security, such as confidentiality, integrity, availability, authorization and accountability, are described as well. The threats to intellectual property, deviations in quality of service, espionage or trespass, software attacks and theft are explained. The key features of leadership and management and the difference between law and ethics are discussed. The primary laws related to the practice of InfoSec are explained too. The role of action in planning in organisations, in the form of the mission and vision statements, is covered at length. The plan, objective, benefits and outcome of information security governance are also described.

Table of Contents

Introduction
1. The importance of the manager’s role in securing Norwood System’s use of information technology
2. List and discussion of the key characteristics of information security that Norwood Systems must be aware of
3. The dominant categories of threats to information security that will affect Norwood Systems
4. Discussion of the key characteristics of leadership and management in Norwood Systems
5. Differentiate information security management from general business management
6. Law and ethics that Norwood Systems must adopt
7. The ethical foundations and approaches that underlie modern codes of ethics
8. Identification of major national and international laws that relate to the practice of InfoSec
9. Discuss current laws, regulations, and relevant professional organizations
10. Identification of the roles in Norwood Systems that are active in planning
11. Strategic organizational planning of Norwood Systems for information security (InfoSec)
12. Discussion of the importance, benefits, and desired outcomes of information security governance and how such a program would be implemented for Norwood Systems
13. Explanation of the principal components of InfoSec system implementation planning in Norwood System
14. Information security policy and its central role in a successful information security program
15. The three major types of information security policy and discussion of the major components of each
16. Explanation of what is needed to implement effective policy in Norwood Systems
17. Discussion of the process of developing, implementing, and maintaining various types of information security policies in Norwood Systems
18. Norwood System (Chosen organization) implementing security policies to enhance their company’s security
Conclusion
References
Appendices
Appendix A: Relevant U.S. Laws
Appendix B: Mission statement

Appendix C: Vision statement
Appendix D: Values statement

Introduction

Organisations all over the world should understand that they must implement information security on their premises for good. Norwood Systems, an emerging Australian company, has been chosen for this report. As an emerging company, it faces security risks; it has to understand them and must implement security policies and laws in the company to mitigate them (Baskerville et al. 2014). The managerial role in information security and the key security features which Norwood Systems must adopt are described in the report.

This report presents the key security features such as confidentiality, integrity, availability, authorization and accountability, highlights threats such as those to intellectual property, deviations in quality of service, espionage or trespass, software attacks and theft, and discusses the process for mitigating those threats. The report also showcases the practice of InfoSec and the role of active planning in organisations in the form of mission, vision and value statements.

1. The importance of the manager’s role in securing Norwood System’s use of information technology

Organisations or associations must understand that information security must include the team of Norwood System managers from the fields of information security and IT (Galliers and Leidner 2014). They have three kinds of role:

Informational role: Deals with collecting, handling, and utilizing data through which one can achieve any goal.

Interpersonal role: Deals with connecting with superiors and subordinates who assist in the completion of the task (Layton 2016).

Decision role: Deals with selecting correct methodologies, facing challenges and solving problems.

2. List and discussion of the key characteristics of information security that Norwood Systems must be aware of

Norwood Systems must be aware of the confidentiality, integrity, availability, identification, authorization and accountability that information security offers.

Confidentiality deals with restricting data to specific individuals and keeping it from the rest. The security measures involved are information order, secure database records, general security application approaches and the encryption process (D'Arcy, Herath, and Shoss 2014).

The integrity of data is compromised when it is exposed to corruption or other disruption of its authentic state; corruption mainly occurs while data is being transmitted. The state of the data can therefore be identified as either complete or corrupted (Peltier 2016).

Availability of data means that the data can only be accessed by authorised or approved clients.

Identification and authentication are established by client name or client ID.

Authorization deals with the permission given to an individual by the specific authority to access, change and delete the contents of the data resource (Galliers and Leidner 2014).

Accountability of data occurs when a control gives assurance that each action attempted can be attributed to a computerized process.