Information Security Planning Report: Importance and Strategies


Added on  2019/10/18

AI Summary
This report delves into the critical importance of information security planning, emphasizing its role in defining organizational objectives and strategies. It highlights the significance of a well-defined security strategy and its alignment with business goals, as well as the integration of people, processes, and technology. The report explores the CIA triad (Confidentiality, Integrity, and Availability) as the core principles of security, detailing each principle and its implications. Confidentiality ensures that data is accessed only by authorized individuals; integrity ensures the data's validity and trustworthiness; and availability ensures that data is accessible when needed. The report references key publications to support its findings and provides a comprehensive overview of information security planning and its implementation.
Running head: INFORMATION SECURITY PLANNING
Importance of Information Security Planning
Strategic planning is no more rational or important in today's rapidly changing technical
environment than it was before; however, it remains a basic part of defining clear company-wide
objectives and how to achieve them. Strategic planning is concerned with defining long-term
objectives, setting the directions and constraints that will guide the tactical achievement of
these aims, and identifying the assets and capabilities that the organization needs to execute the
plan. (Peltier, 2013)
A clear and concise security strategic plan allows executives, management, and employees to see
where they are expected to go, focus their efforts in the right direction, and know when they have
achieved their objectives. Unfortunately, many organizations do not have an information security
strategic plan, or at least not one that is up to date. Some even claim to have a strategy but really
don't. As a result, there is a lack of focus and inconsistency in the actions taken across the
enterprise, as well as a greater likelihood of something bad happening. If organizations continue to
view the strategic plan as impractical or unnecessary, they are less likely to identify risk
effectively and efficiently.
An established information security program assessment against a defined standard, for example
ISO/IEC 27002, particularly when that standard is part of the framework, enables more efficient
planning.
An information security strategic plan can be more effective when a holistic approach is
adopted. This approach requires the integration of the people, process, and technology
dimensions of information security while ensuring it is risk-balanced and business-based. It requires
a clear alignment between business and IT strategies. The better the alignment and
integration with strategic decision-making, the easier it is to meet expectations and complete the
right things in an organized order. (Layton, 2016)
Information security is a journey, not a destination. There are always new challenges to meet.
Implementing a strategic security plan is a critical success factor for organizations that truly want
to maximize their ability to manage information risk. Committing to this process takes resources and
time. To be fully effective, security leaders need to be seen as adding value to the business and IT
strategic planning processes, focusing on how their strategy can improve the business and enable it
to succeed.
Outlining the methodologies of an information system while ensuring CIA
The three essential principles of security are confidentiality, integrity, and availability, which are
commonly referred to as the CIA or AIC triad and which also form the main objective of any
security program.
The level of security required to fulfil these principles differs per organization, because each
has its own unique combination of business and security goals and requirements. All security controls,
mechanisms, and safeguards are implemented to provide one or more of these principles. All risks,
threats, and vulnerabilities are measured for their potential capability to compromise one or more of
the AIC principles. (Tipton et al., 2016)
Confidentiality: The Right Data Going to the Right Users
Confidentiality is not only about keeping data private, but also about keeping the right data,
whatever that might be, from being exposed to the wrong people. The "right" data is data that is
sensitive or vital to system operation.
The wrong users, then, are any people or systems not authorized to access the data. This is
defined by the user's role. A trusted employee who isn't an executive probably shouldn't have
access to some data, a thief shouldn't have any private data whatsoever, and a content scraper
should only see public data. Privacy concerns almost always map to confidentiality issues.
(Gonçalves et al., 2017)
Integrity: Good Data from Trustworthy Sources
For the system to have integrity, the data must be valid, come from a trusted source, travel
through secure means that don't allow it to be intercepted or tampered with, and be stored where it
can't be seen or modified by the wrong users. Consequently, if your data can't be altered in transit
or at rest but it came from who-knows-where, you probably still shouldn't trust it or make business
decisions based on it. This is a broader definition of integrity than is usual for the CIA model,
since it considers whether the data is trustworthy in the first place. (Scharnick et al., 2016)
Availability: Keeping the Data Flowing
Availability is probably the most straightforward measure used by this framework. A system is
available when its data is accessible to the right people when they need it. This can easily be
extended to include considerations of load. Good external training resources on how to reduce
vulnerabilities in code were found and given to our developers, as well as to our testers, so we
could come at the issues from different angles.
All three of these factors affect one another, and while the words are simple, the implementation
is as complex as the system under test. (Gonçalves et al., 2017)
References
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.
Gonçalves, A., Correia, A., & Matos, R. (2017, April). Anti-bribery Quantitative Model for Information Systems Based on Human Subjectivity. In World Conference on Information Systems and Technologies (pp. 339-348). Springer, Cham.
Scharnick, N., Gerber, M., & Futcher, L. (2016, August). Review of data storage protection approaches for POPI compliance. In Information Security for South Africa (ISSA), 2016 (pp. 48-55). IEEE.
Tipton, S. J., Forkey, S., & Choi, Y. B. (2016). Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and CIA Triangle. Journal of medical systems, 40(4), 100.