Critique of current Chicago information security policy
Enterprise Information Security Policy (EISP)
Areas similar to standards discussed
Overview of the corporate philosophy on security: Documents the Introduction and Purpose of the Information security policy of Chicago. It provides a reasonable framework that helps the reader to understand the intent of the document.
Overview
The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient, effective, and secure use in support of the City's business and its constituents. This document, the Information Security Policy (Policy), defines the governing principles for the secure operation and management of the information
Third Parties
The City often utilizes third parties in support of delivering business services. When, as a result, these arrangements extend the City's information technology enterprise or business processes into the third parties' computing environments (for example, in cases of Application Service Providers (ASPs)), the third parties must abide by this Policy, as applicable, unless specific additional provisions have been established through contractual agreements.
Reference to Other Information Technology Standards and Guidelines
Areas different from standards discussed
It does not outline lists of other standards that influence and are influenced by this policy document.
Issue Specific Security Policy (ISSP)
Fair and Responsible Use of Information Technology
Information Classification: Confidential, Internal and Public
Use of technology-based system
Areas similar to standards discussed
To effectively conduct the City's business and operations, the City makes available to authorized employees and third parties various information technology resources, including e-mail, the City's Intranet, the Internet, and other communication and productivity tools. Use of these resources is intended for business purposes in accordance with Users' job functions and responsibilities, with limited
This policy provides a framework for the management of information security throughout Cañar Networking organization. It applies to:
This policy establishes the guidelines that the organization follows. This would include an acceptable use policy, an authentication policy, and an incident response policy (“The IT Security Policy Guide”, n.d., pg. 6). This policy will reflect the entire organization's security posture, not just the IT department's ideas. A strong policy will help employees understand what is expected of them, and explain to customers how their information is protected.
The purpose of this paper is to review State of Maryland information security program documentation and to determine the security standards used to create the program in order to protect the confidentiality, integrity and availability of agency operations, organizational assets or individuals, which is the main agenda of the State of Maryland Department of Information Technology. We will also discuss other standards that can be useful for State of Maryland information technology, and compare and contrast the standards.
Another step involves security checks upon implementation and describes agency-level threat to the business scenario or the mission. It similarly entails sanctioning the information system for processing and lastly constant monitoring of the security controls. FISMA and NIST's standards are aimed at offering the ways for agencies to achieve their identified missions with safety commensurate with the threat (United States Department of Agriculture, 2015). Together with guidelines from the Office of Management and Budget (OMB), FISMA and NIST create a framework for advancing and growing an information security scheme (SecureIT, 2008). Such framework includes control descriptions and evaluation, program development, and system certification and accreditation. The final objective involves conducting daily functioning of the agency and achieving the agency's articulated objectives with sufficient security commensurate with risk.
The Department of Homeland IT security policy must be uniform, stable, consistent, efficient, effective and compatible with best practices for Information Security in the Department. It is the purpose of this security policy to create and implement the best security plans, strategies, and practices throughout the Department. Also, it is the intention of this policy to create a safe and secure Cyberspace.
• 1.1 Identify different types of information technology that may be used for work tasks
The security plan is formulated to protect the information and important resources from a wide variety of potential threats. This will promote business continuity, reduce business risks and increase the return on investment together with business opportunities. The security of information technology is attained by executing a suitable set of controls, efficient policies, processes, organization structures, software and hardware. These controls ought to be formulated, put into action, assessed, analyzed and developed for productivity, where necessary. This will allow the explicit security and business objectives of the United States Department of Health and Human Services to be accomplished (Easttom, 2006, p.32).
The Questionnaires and information gathering documents are very important because they provide accurate information about the security of the system and where improvements can be made to prevent further intrusions and remediate certain vulnerabilities within a system. The inputs for this step include reports from prior
Webster characterizes "policy" as a "high-level overall plan embracing the general goals and acceptable procedures". It is, by and large, acknowledged that an organization's information security policies should be the premise of its information security program. Particularly in the case of global organizations, the requirement for sensible policies and the issues intrinsic in creating them are exceptionally critical. This paper serves as a dialog of some of the most common data security strategy-related matters that are common to global organizations and offers some approaches to resolving them.
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to ensure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
Designing a working plan for securing the organization's information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scalable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which
The senior management of the company is committed to achieving a superior security governance by treating INFOSEC as a crucial business component. The aim of the policy is to create a security conscious environment and to exhibit to all parties, internal and external, the application of fundamental security principles notably taking responsibility for information security, applying security controls in relation to the risks and individual accountability.
Security is very important in any organization because one of the most significant values of an organization is its information. In addition, its security is critical for business operations as well as its clients and customers. This article observes the disparity between the author’s security design principles list and the classic list of 1975. In addition to that, the general principles and a textbook coauthored by Saltzer are also examined.
The purpose of this security plan is to elicit the potential threats to an organisation's physical and electronic information holdings. Organisations in general are starting to take information security more sincerely due to the proliferation of mobile services, VPN connections, terrorism and natural disasters. We must however acknowledge that this very technology advancement is regarded as efficient but is also leading to a higher level of security risks. These risks must be mitigated to ensure the confidentiality, integrity, and availability of information assets (The SANS Institute, 2007).
Every state in the nation should have a comprehensive IT security policy due to the “growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems” ("Cyberspace policy Review", 2016). Because of “the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights” ("Cyberspace policy Review", 2016). It is the responsibility of state and the federal government “to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” ("Cyberspace policy Review", 2016).