University Report: Principles of Information Security and Legal Acts

This report delves into the principles of information security, focusing on the Standard of Good Practice established by the ISF. It emphasizes the importance of securing organizational data against external threats through effective security management. The report examines various aspects of security management, including policy statements, implementation strategies (top-down and bottom-up approaches), and the construction of attack trees. It analyzes common threats such as phishing attacks and computer viruses, highlighting their potential impact on business operations. Furthermore, the report provides an overview of the Computer Crimes Act No. 24 of 2007 in Sri Lanka, which addresses computer-based crimes and related offenses. The report concludes that adopting the Standard of Good Practice is essential for achieving business goals by ensuring data confidentiality, availability, and integrity.