Strategic Information Security Program Development for Yahoo Inc.
Added on 2023-06-03
18 Pages4515 Words53 Views
STRATEGIC INFORMATION SECURITY PROGRAM
DEVELOPMENT FOR YAHOO INC.
Created by XXXXXXXXX
CIS8018 – U1106620
1
DEVELOPMENT FOR YAHOO INC.
Created by XXXXXXXXX
CIS8018 – U1106620
1
Abstract
In the earlier report, the different security threats that exist in the organizational tasks
within Yahoo were discussed in details. Yahoo privacy policies as well as the different
consequences of the failure of security programs were discussed in details. This report is a
continuation of the earlier study and will highlight the different techniques that can be
implemented in order to develop a proper security program for the company, which can have the
potential to eliminate the possible threats from the organization. The different roles as well as
titles for the security personnel that exist within the organization as of now will be discussed in
details and furthermore, recommendations and suggestions will be provided as to how the
security strategies can be improved. ISO security standards will be described in this report and a
suitable security program that maintains such standards will be suggested and designed for
Yahoo Inc. By the end of this report, the reader will have a clear understanding of the different
aspects associated with the implementation of the security program within the organization.
2
In the earlier report, the different security threats that exist in the organizational tasks
within Yahoo were discussed in details. Yahoo privacy policies as well as the different
consequences of the failure of security programs were discussed in details. This report is a
continuation of the earlier study and will highlight the different techniques that can be
implemented in order to develop a proper security program for the company, which can have the
potential to eliminate the possible threats from the organization. The different roles as well as
titles for the security personnel that exist within the organization as of now will be discussed in
details and furthermore, recommendations and suggestions will be provided as to how the
security strategies can be improved. ISO security standards will be described in this report and a
suitable security program that maintains such standards will be suggested and designed for
Yahoo Inc. By the end of this report, the reader will have a clear understanding of the different
aspects associated with the implementation of the security program within the organization.
2
Table of Contents
Introduction......................................................................................................................................4
Security measures at Yahoo.............................................................................................................4
Current roles and titles of security personnel:.................................................................................5
Chief information security officer (CISO):.................................................................................5
Product security Engineer:...........................................................................................................7
Suggestions to improve security personnel hierarchy:................................................................8
Training requirements to incorporate these changes:......................................................................9
- Management Support for Change.....................................................................................9
- Case for Change..............................................................................................................10
- Communication and implementation of the change.......................................................10
- Planning a suitable training program..............................................................................11
Determination of a proper ISO certified security model:..............................................................11
Threat identification and risk assessment in Yahoo......................................................................13
Suitability of ISO/IEC 7498 certified OSI information security model:...................................13
Conclusion:....................................................................................................................................14
References:....................................................................................................................................15
3
Introduction......................................................................................................................................4
Security measures at Yahoo.............................................................................................................4
Current roles and titles of security personnel:.................................................................................5
Chief information security officer (CISO):.................................................................................5
Product security Engineer:...........................................................................................................7
Suggestions to improve security personnel hierarchy:................................................................8
Training requirements to incorporate these changes:......................................................................9
- Management Support for Change.....................................................................................9
- Case for Change..............................................................................................................10
- Communication and implementation of the change.......................................................10
- Planning a suitable training program..............................................................................11
Determination of a proper ISO certified security model:..............................................................11
Threat identification and risk assessment in Yahoo......................................................................13
Suitability of ISO/IEC 7498 certified OSI information security model:...................................13
Conclusion:....................................................................................................................................14
References:....................................................................................................................................15
3
Introduction
This study aims to create the different organizational considerations while implementing
a information security program within the work force. Organizational security is one of the major
concerns of the organizations in today’s world. In the earlier report, the different threats related
to data security as well as the other aspects such as the consequences of the system failures had
been identified and discussed in details. This report mainly focusses on the development and
implementation of an appropriate security software for the company that eliminates all the earlier
discussed risks and threats related to data security and other security parameters. The ISO
standards that the security programs must follow will also be discussed in the following
paragraphs. A proper certification will also be studied and recommended to the company and a
security application that makes use of the ISO standards as well as the recommended certificate
will be recommended to the company.
Security measures at Yahoo
Information security is one of the primary focus of yahoo ad invest a lot of tie and
expertise in developing the security programs within the organization. Yahoo is aware of the fact
that its users have a lot of trust in yahoo data security policies, they are assured about the security
and privacy of their accounts, and other information stored in yahoo databases. Some of the main
security measures incorporated by yahoo are:
Second-time sign-in short service message verification code – Users needs to authenticate
themselves by typing in a verification code sent through SMS to their mobile phones. It ensures
better verification and security of the accounts (Murashkin et al. 2013).
4
This study aims to create the different organizational considerations while implementing
a information security program within the work force. Organizational security is one of the major
concerns of the organizations in today’s world. In the earlier report, the different threats related
to data security as well as the other aspects such as the consequences of the system failures had
been identified and discussed in details. This report mainly focusses on the development and
implementation of an appropriate security software for the company that eliminates all the earlier
discussed risks and threats related to data security and other security parameters. The ISO
standards that the security programs must follow will also be discussed in the following
paragraphs. A proper certification will also be studied and recommended to the company and a
security application that makes use of the ISO standards as well as the recommended certificate
will be recommended to the company.
Security measures at Yahoo
Information security is one of the primary focus of yahoo ad invest a lot of tie and
expertise in developing the security programs within the organization. Yahoo is aware of the fact
that its users have a lot of trust in yahoo data security policies, they are assured about the security
and privacy of their accounts, and other information stored in yahoo databases. Some of the main
security measures incorporated by yahoo are:
Second-time sign-in short service message verification code – Users needs to authenticate
themselves by typing in a verification code sent through SMS to their mobile phones. It ensures
better verification and security of the accounts (Murashkin et al. 2013).
4
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Strategic Information Security: ANSTOlg...
|17
|4389
|122
Developing a security program in Banks of Americalg...
|14
|3858
|413
Report | Concept of Information Securitylg...
|20
|4544
|57
Strategic Information Security | Reportlg...
|17
|3887
|87
Information Security Management: Guidelines for Risk Management and Certificationlg...
|14
|3312
|209
CIS8018 – Strategic Information Security - Research Worklg...
|15
|3735
|37