Question
Information Security Management:
Part 1:
Choose an organization (software, cell-phone, bank, etc.) and identify its mission or objective.
Identify its motivation for security policy and the security policies they have. You could refer to the examples posted in Canvas. Note that the security policy includes the Enterprise infosec program policy, Issue-specific infosec policies, and Systems-specific infosec policies.
Attention: Every group member should come with a security policy and provide a 1-2 page (single-spaced) summary of the security policies. Ensure you address the following:
Are the existing policies obsolete?
Do they need change to include current security developments?
For each change, please indicate why such a change is necessary. How do such changes facilitate the organization's functionality?
Explanation / Answer
----------------------------
What is security policy?
----------------------------
A security policy is a process to provide security for a system, organization or other entity. Policy is the essential foundation of an effective information security program. A quality information security program begins and ends with policy.
------------------------------------------
For policies to be effective they must be
------------------------------------------
-> properly disseminated
-> read
-> understood
-> agreed-to
-> Policies require constant modification and maintenance.
-------------------------------------------
Must define three types of information security policy.
-------------------------------------------
--------------------------------------------------
1.Enterprise information security program policy:
--------------------------------------------------
-> Sets the strategic direction, scope, and tone for all of an organization’s security efforts.
-> Assigns responsibilities for the various areas of information security.
-> Guides the development, implementation, and management requirements of the information security program.
Example: Use of Information: Company X information must be used only for the business purposes expressly authorized by management.
--------------------------------------------------
2.Issue-specific information security policies
--------------------------------------------------
-> A sound issue-specific security policy provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems.
-> The ISSP should begin with an introduction of the fundamental technological philosophy of the organization.
-> Authorized Access and Usage of Equipment.
-> Prohibited Usage of Equipment
--------------------------------------------------
3.Systems-specific information security policies
--------------------------------------------------
-> Systems-Specific Policies (SysSPs) frequently do not look like other types of policy.
-> They may often be created to function as standards or procedures to be used when configuring or maintaining systems.
A software organization plays one of the key roles in security policies.
-------------------------------------------
Are the existing policies obsolete?
-------------------------------------------
Yes, since currently the software organization provides a set of security policies
which are secured.
-----------------------------------------------------------------
The following are the features provided in Software organization
-----------------------------------------------------------------
-> Providing authentication for privileged users.
-> Encryption mechanisms provided.
-> Data protection and backup procedures.
-> Blocking of malicious sites.
-> Antivirus software installed on systems.
-> System upgrades (including Windows upgrades).
-> Security Review and Audit
-> Error Handling and Logging
-> General Coding Practices
-> Risk management
---------------------------------------------------------------
Does it need change to include current security developments?
---------------------------------------------------------------
-> Though enough security policies are present, there are some
security violations being performed by attackers due to weak system policies and procedures.
For example, if a user has chosen a weak password, it is very easy for an attacker to identify the password
and access the system. It is up to the software to provide policies that ensure a strong password, including
special characters etc., and to impose constraints such that the last 5 passwords cannot be reused.
-> Must provide a better backup policy.
-> Installing bug-free software to get rid of attackers.