
Information Security For Managers Essay

2401 words - 10 pages

Assignment 2

Information Security for Managers

Submitted By:
Student Number:

Submitted Date: January 22, 2009

Table of Contents
1. Information Security Policy (Word Count = approx. 1000)
1.1 Security:
1.2 Policy:
1.3 Information Security Policy and its importance:
1.4 Policies, Procedures, Practices, Guidelines
1.5 Example of good policy statement
1.6 Possible structure of information security policy documents
1.7 Strategies and techniques to implement information security policies
2. Developing the Security Program (Word Count = approx. 500)
3. Security Management Models and Practices (Word Count = approx. 500)
A. ISO/IEC ...view middle of the document...

It is also known as a process of making decisions with different priorities and choosing among them. Policies can be written for political, financial, management and administrative conditions for achieving explicit goals (Wikipedia: policy, 2009). An information security policy document contains the written statements of how an organization intends to protect information.

1.3 Information Security Policy and its importance:
Information flow within a business is a foundation of its competitive edge and financial liquidity. Maintaining the competitive edge is also increasingly often related to implementing information services, which act as a way to improve information flow. However, it is important that these services be implemented in such a way that the intended profits do not become losses. That is why information security policy is of such importance. Information security policy must be implemented in such a way that it enables business continuity, minimizes risk, and maximizes business efficiency.
Improper development of information resources leads to scattered data and decreased security. In order to protect business assets, businesses develop information security policies as sets of regulations and procedures, which are intended to help maintain information confidentiality, integrity and availability.
A company’s information security policy is a document which states the company’s resources and assets, which are continuously updated as technology and business requirements change. It is one of the most important information security documents. Enterprises implement information security policies for the following five major consequences (Peltier 2002):
i. It can be beneficial for gaining competitive advantage;
ii. Improves customer and shareholder confidence;
iii. Decreases governmental interference;
iv. Compliance with legislative requirements; and
v. The risk of legal liability decreases

1.4 Policies, Procedures, Practices, Guidelines

Source: (Whitman & Mattord 2007, p.112)
The figure above provides a general view for policies, standards, practices, guidelines and procedure. More specifically,
I. Policies are the plan of action of a government, business, party or political sector for influencing and determining decisions, actions and other matters.
II. Standards are the more detailed statements for complying with policy.
III. Practices, Guidelines and Procedures explain how the employees in an organisation comply with the policy.
For example, a policy of an enterprise can be something like: employees are not allowed to view inappropriate web sites in the workplace. While implementing this policy, the enterprise creates standards stating that all inappropriate sites are blocked and listing those sites that are considered inappropriate.

1.5 Example of good policy statement
A good policy statement must have the following properties (Whitman & Mattord 2007):
i. Policy must be developed with...
