Strategic Information Security Report
Added on 2020/04/01
AI Summary
This report outlines a comprehensive security program for Norwood Systems, focusing on the development of effective security policies, risk assessment, and the implementation of security models. It discusses the roles of security personnel, identifies potential threats, and provides recommendations for enhancing the organization's information security framework.

Running head: STRATEGIC INFORMATION SECURITY
Strategic Information Security
Name of the Student
Name of the University
Author’s note

Executive Summary
The main objective of this report is to assist in the development of a well-designed security
program for Norwood Systems. In the process of developing a security program, this report
discusses the various roles as well as titles of the security personnel of Norwood Systems. This
report also focuses on improving the present security structure of the organization for its
betterment. This report gives an overview of several threats, like DoS and spoofing, that can
affect the information security of the organization. It points out the training requirements that are
needed for the proper implementation of the security program. This report also gives suggestions
regarding the security models that can be adopted by Norwood Systems to implement
information security in an effective manner.

Table of Contents
1. Introduction
2. Literature on Information Security
3. Current Security Situation and Titles of the Security Personnel
3.1 Risk Assessment and Threat Identification
3.2 Security Models
4. Development of Security Program
5. Roles and Responsibilities
6. Improvement Plan
7. Training Requirements
8. ISO Standards and Models
9. Conclusion
10. Recommendations
11. References

1. Introduction
Information is the most important asset of an organization. In this era of information and
communication technology, security threats and risks are becoming a major concern for the
organizations (Andress 2014). Information security deals with the protection of the integrity,
availability as well as confidentiality of the sensitive and valuable information of a company.
Norwood Systems is known for providing telecommunication services to enterprises, consumers
and carriers across the world (Norwoodsystems.com 2017).
This report discusses the security programs that can be adopted by Norwood Systems for
improving its current security structure. It discusses the concept of information
security and provides suggestions regarding the types of security models that can be implemented
for the betterment of the organization. It identifies the security threats and the risk assessment plans
and programs that can be adopted. This report also provides the requirements for training plans
and the suitable ISO standards as well as models for Norwood Systems.
2. Literature on Information Security
Information security deals with protecting systems as well as information from any type
of unauthorized or illegal access, modification, destruction as well as disclosure. The main
objective of information security is to maintain integrity, availability and confidentiality of
information (Peltier 2016). Confidentiality deals with protecting or securing the valuable
information from any type of unethical or unauthorized access. Confidentiality makes sure that
only authorized users can access the right information as per their needs. Integrity deals with
protecting valuable information from any type of unauthorized destruction and modification.
Integrity makes sure that the information is complete, uncorrupted and accurate. Availability
deals with providing correct information in a timely manner without any obstruction or
interference. An information system consists of various components like software, hardware, people,
data, procedures and networks (Ciampa 2012). All these components are vulnerable to various
risks and threats. Information security is an important need of every organization. Several
strategies can be used for protecting the information against any kind of attacks. Risks can be
avoided and mitigated to promote a secure business environment (Vacca 2013). Loss of valuable
information can harm several users and also affect the company reputation. Information security
is gaining importance with time. There are several information security models that can be
incorporated in the business processes of an organization based on certain needs and
requirements.
3. Current Security Situation and Titles of the Security Personnel
Norwood Systems is responsible for providing telecommunication services of high
quality. The Enterprise Solution makes use of cloud services to make the communication
platform of the corporate world very effective. They have a strong security policy in the
organization. Several security personnel are present in an organization. Each of them has a
unique role and responsibility. Some of them are as follows:
Chief Information Security Officer: CISO is the head of the security department and
responsible for the overall management of the security department.
Security Engineer: A security engineer is responsible for monitoring the security needs of
the organization. A security engineer makes proper utilization of advanced technologies for
enhancing the security capabilities of the company.
Security Analyst: They are responsible for analyzing and assessing several vulnerabilities
in the IT infrastructure of the company.
Systems Administrator: They are responsible for installing and managing security
systems across the entire organization.
3.1 Risk Assessment and Threat Identification
Risk assessment is required for developing strong security policies in an organization.
Real risks and threats are identified along with their level of exposure and probability of
occurrence (Peltier 2013). Risk assessment can be done by following certain procedures and
steps. In the NIST framework of risk management, assumption of risk, risk constraint, tolerance
as well as priorities are identified. The company goals, business processes, mission, information
security architecture and SDLC processes are integrated for proper assessment of risk. The
threats and vulnerabilities existing in the organization are identified. After the identification is
done, the company finds out various ways to respond to the risks and selects the most suitable
option. The last component is to monitor the risks and to bring about change in the information
system of the organization due to the impact of risks. The ENISA framework can be used by
Norwood Systems in order to assess the risks that are related to the cloud service that is provided
to the enterprises for effective communication. In ENISA, risks are identified, then analyzed,
followed by an evaluation process.
Security threats are a major concern of Norwood Systems. Telecommunication industries
are vulnerable to several threats. The network equipment as well as the switching infrastructure
can be accessed in an unauthorized manner. This can lead to tampering and illegal tapping of
network traffic. The voice traffic can be intercepted because there is no encryption in case of
speech channels. Mobile stations can be modified to exploit the weaknesses in message
authentication (Mayer et al. 2013). This can cause spoofing, where the attacker pretends to be
someone else in order to gain access to sensitive information. The base stations can also be
modified to entice users to attach to them (Jafarnia-Jahromi et al. 2012). The lawful
mechanism of interception can be misused. A backdoor attack can take place that observes the
activity of the user and misuses the data. A Denial of Service attack can use the resources of the
network by sending unwanted network traffic to the target system. Cloud services that are
provided by Norwood Systems are vulnerable to certain threats like data breach, insecure
interface, malicious insiders, account hijacking, issues regarding shared technologies and DoS.
The deliberate threats are more dangerous and have high exposure because the attacker has
malicious intentions behind such attacks (Ross 2014). Categorizing and ranking the threats will
be helpful for the organization to promote a secured work culture and environment.
3.2 Security Models
The security models can be considered as standards that can be used for comparison or
reference. The NIST access control model is used for identifying the access mechanism of the
various levels in Norwood Systems. The management level accesses the data and information
related to strategic planning (Chang, Kuo and Ramachandran 2016). The administrative level
controls the operational data and the technical level accesses the daily information that is
required for continuity of business.
The security models help to implement information security in the organization. These
models can be incorporated in the hardware, software as well as policies of the organization.
Norwood Systems provides an enterprise solution via cloud services called Corona Cloud (Malik and
Nazir 2012). NIST security models will be extremely beneficial for the company. NIST
documents are freely available and have been updated by the government as well. They provide
guidelines regarding risk assessments, privacy controls and security plans (Hamlen et al. 2012).
Norwood Systems needs to implement strong security policies for protecting the cloud against
any kind of threat (Youssef 2012).
4. Development of Security Program
Norwood Systems is a medium-sized company and has a hierarchical organizational
structure. A code of conduct prevails in the organizational culture. The employees are expected to
act honestly and protect the assets of the company. The employees can release confidential
information with the permission of the company. The company takes serious action if there is a
breach of conduct. A strong security program needs to be developed for protecting the company
against security threats and risks. Failure to protect valuable information will harm the reputation
of the company. The key components of the security program that need to be developed are as
follows:
Hire a DSO or Designated Security Officer: DSO is required for monitoring and
coordinating the security policies of the organization.
Risk Assessment: The company must identify the types of information that it stores
along with the value of the information. The risks and threats that are associated with
the different categories of information need to be identified. The threats and risks must be ranked
according to their level of exposure and effect.
Access control: The security officer must decide which information must be available to
whom. The employees must be authorized to access the type of information that is needed by
them to run the business and depending upon their roles and levels in the organizational
structure.
Individual account: Each employee must have a separate account so that it can be
monitored properly; this will also help to investigate any data loss or manipulation.
Develop policies: Information security policies must be developed so that the entire
organization is aware of the security expectations. The importance of information must be
mentioned in the policies. These policies must be reviewed as well as updated every year. The
employees must sign an agreement to follow the rules and policies.
Effective governance: The security officer must make sure that the policies are being
followed in an effective manner. The roles and responsibilities of the employees must be clearly
defined so that the operations are carried out in an effective manner (Siponen, Mahmood and
Pahnila 2014).
Install firewalls: Firewalls can be implemented to protect the internal network from any
external malicious attack. A hardware firewall can be used between the internal network and
the Internet (Hu, Ahn and Kulkarni 2012). The firewall must be installed with antivirus software.
A software firewall needs to be installed on all the computer systems. The firewall must be
kept updated. It must be purchased from an authentic vendor.
Secure wireless access points: The administrative password of the device must be
changed. The wireless access points should be configured so that they do not broadcast their
SSID. The router must be set to use WPA2 along with AES or Advanced Encryption Standard.
Web filters: The security officer must set email filters so that they filter out malicious
emails. Use of web filters will help Norwood Systems to detect any malicious website and
prevent users from accessing it.
Encryption: The information of the system must be protected by an encryption technique.
The plain text information can be converted into cipher text so that it cannot be read by
attackers (Daemen and Rijmen 2013). AES can be used for protecting valuable information.
5. Roles and Responsibilities
CISO: The CISO looks after all the security policies and procedures in the
organization. The strategic planning is done by the CISO. The CISO guarantees that the design for
the information security of the firm is effective. The CISO monitors the working of all the security
related jobs in the organization.
Security Manager: The security manager deals with collecting, storing as well as utilizing
information to achieve the organizational goals. They play the role of a decision maker while
selecting appropriate methodologies for the organization. They also coordinate and communicate
information among the different layers in the organization.
Security Engineer: The risk assessment and control framework of the firm is designed by
the security engineer. The security engineer designs an appropriate security framework for the
firm. It is the responsibility of the security engineer to update the design based on current
security threats and risks.
Security Analyst: The security analyst is responsible for analyzing the security threats
and their exposure. The security analyst helps to maintain the integrity of the data.
6. Improvement Plan
The information security of Norwood Systems can be improved by dividing the
responsibilities of the security personnel in an effective manner. More designations must be
added so that the responsibilities of the employees do not overlap. Each of them will have a
separate role to play and the outcome will be highly effective. Proper strategies must be
developed for improving the information security of Norwood Systems (Ahmad, Maynard and
Park 2014). The new roles and titles that can be very effective are as follows:
Technical security manager: These managers will focus on the firewall implementation,
protection of data leakage, encryption, patching and all other technical aspects of the information
security in the organization.
Program security manager: These managers will focus on evaluating the vendor or third
party risk. The security manager's role can be divided into technical and program security
manager for the betterment of the firm.
Risk Officer: A risk officer must be hired whose main focus will be to manage the
implementation procedure of the risk function. A risk officer will develop processes for identifying
risk areas and the exposure of the risk, and will develop risk policies as well. The risk officer will monitor and
tackle risk issues that are critical.
Other specialized roles can include a virus technician who will identify new viruses and
develop defense mechanisms against them, and an intrusion detector who will monitor the networks and
systems to identify how the intrusion occurred. A source code manager can review source code to
detect vulnerabilities. Distinguishing all the security related roles and functions can be helpful in
improving the information security of the firm.
7. Training Requirements
Security awareness plays a critical role in the implementation of the new security
program. There must be a balanced trust across the organization so that information is shared in a
secured and effective manner (Hu et al. 2012). The higher authorities must play a significant role
in demonstrating the need for security programs in the organization. The employees must be
given proper training so that they understand the security policies correctly. The
employees should know how to utilize the organizational resources in an efficient way. They must be
given training so that they can tackle any type of security incident. Monthly meetings must be set
up to discuss various security issues and measures to overcome such issues. Cooperation
of the employees is needed in order to promote information security in the organization.
8. ISO Standards and Models
The ISO model is the most used security model in the industry. This standard was developed
to provide a common base to organizations for the purpose of developing security
standards (Disterer 2013). This helped in developing inter-organizational deals.
ISO/IEC 27001: This provides information regarding the implementation plan of
ISO/IEC 27002 for the purpose of setting up ISMS or Information Security Management System.
ISO/IEC 27002: This addresses controls of information security. A firm can use this
standard to address its security needs and develop security policies.
This model is suitable for Norwood Systems as it will help the organization to develop a
management system that will manage information security. Norwood Systems provides
Enterprise Solutions with the help of Corona Cloud. The ENISA security model will also be
suitable for the cloud security of the organization (Pearson 2013). This model will help the firm