Recommendation to Mitigate the Lack of an InfoSec Policy
First, we identified that a medium-sized company may suffer from the following problems.
Medium-sized companies usually have the same security staff resources as a small organization, but they face a much larger demand on that personnel.
Medium-sized companies are therefore the least able to set policy, handle incidents, and allocate resources effectively.
Based on the company's size and the management structure discussed above, we suggest using the Gartner Information Security Governance Model to assess the security problems of Inventure Foods, Inc.
The Gartner Information Security Governance Model is the most suitable for Inventure Foods' type of business. It protects information resources appropriately and efficiently given the company's limited resources and overstretched personnel. The most important reason we chose the Gartner Model is that it provides the blueprint for a complete security program and tells management in what order to implement these security segments. Another reason is that the Gartner Information Security Governance Model is designed for companies that, like Inventure Foods, do not require high levels of security. Additionally, the Gartner Information Security Governance Model can be integrated as part of Inventure Foods' overall policy. Furthermore, the Gartner Information Security Governance Model is about protecting information resources efficiently and effectively beyond just the IT
In this paper I discuss some of the benefits of having frameworks for information security management: what each information security framework is, its pros and cons, which major perspectives to consider in information security management and framework choice, and what organizational factors should be considered in framework choice. I will also attempt to propose a better framework for information security.
Information systems are known to be at risk from malicious attacks, user error, and other disasters. As technology is relied upon more heavily and computer systems become more interdependent and accessible to more individuals, the susceptibility to threats increases. In addition, individuals are developing high levels of computer skills, which results in an increased risk of intrusion from outsiders. The Information Security Risk Assessment will determine the assets of the company, the organizational risks, the current security posture, and any areas of risk for GDI, and will recommend a mitigation strategy for reducing those information security risks. Through the Information Security Risk Assessment, GDI is taking steps to ensure that the organization identifies significant risks and determines the best method to mitigate them.
Areas similar to the standards discussed: Overview of the corporate philosophy on security. This section documents the Introduction and Purpose of the information security policy of Chicago, and it provides a reasonable framework that helps the reader understand the intent of the document.
Dred Scott went through a grueling process, walking the line between slave and free man for almost his entire life. He was a brave man with a passion for the taste of freedom. Instead of running away, he took advantage of the American legal system and sued for his freedom. He pushed as hard as he could for his freedom in court. Many years of court appeals and reversals eventually put his case before the United States Supreme Court. Dred Scott's fight for liberty is considered one of the most famous court cases ever.
The framework provides a roadmap for the implementation, evaluation, and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization: it specifies what corporate executives, senior management, and CIOs/CISOs should do. The framework is also flexible enough to apply to different business models. Its benefits are that it identifies cornerstone security practices that nearly all organizations follow and recommends where in an organization the responsibility for each falls. One disadvantage of BSA's framework is that it is still a work in progress; it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).
After the information system is installed, the IS security controls must be monitored and assessed on a continuous basis. Continuous monitoring ensures that the security controls in place remain effective. This step consists of five tasks. The first task requires managers to determine the security impact based on the threat environment. The second task is conducting assessments of selected security controls as outlined in the Continuous Monitoring Strategy. The third task is correcting the discrepancies found in the assessment. The fourth task requires updating the Security Authorization package based on the previous results. The fifth task requires the appropriate officials to make a risk determination and acceptance decision by reviewing the reported security
With respect to the article, the 85% of companies that fall into the less effective quadrant of IT governance can start by adopting a Duopoly governance arrangement, in which the CEO and CIO work together and make decisions jointly. Under a Duopoly, a committee can be formed to oversee IT decisions and to rate the IT leadership, with the CIO and the continuous-monitoring managers within the organization sharing in decision making and oversight. However, some organizations do not adopt a Duopoly governance arrangement because of their size. The next governance arrangement such organizations can adopt is the Business Monarchy, where decisions are made by a senior business leader. Under this model, the business leader can ask for the financial manager's help to identify the kinds of information and systems the organization needs, perform a cost-benefit analysis, evaluate options based on priority setting and needs assessment, determine what is important, and upgrade where it is beneficial.
In shaping new security policies, it is essential to have a full understanding of all aspects of the internal network and the services to be protected from both internal and outside threats. An article by Solms & Solms (2004) outlines several criteria for developing information security. First, a governing body must be formed to ensure all sensitive data is secured and provide due
In this case, some big companies dominate the whole industry, and as a result the small companies
The rising cost of healthcare in today’s economy is in desperate need of reform. The cost of healthcare has affected the number of people able to receive medical care. Individuals are suffering more than ever because of the inability to receive medical attention when it’s needed.
Information security is an important part of a company's success, and pharmacies are no exception because of the sensitive information they hold. Information Security Officers are needed to ensure physical protection along with data and access protection. Information Security Officers wear different hats to accomplish their goals, performing many information security functions to meet a company's established guidelines, provisions, and policies. They provide management with reports detailing how information security procedures and standards are put into practice to meet government standards regarding risk management policies, information security improvement tasks, analysis of progress, and assessment of the programs currently in place.
All organizations should have an effective IT security policy framework for creating a security program that meets the needs of the organization and protects its information and information systems. Many security frameworks can be used to design an IT security program, NIST and COBIT being two of them. It is very important to establish compliance of IT security controls with U.S. laws and regulations; the organization can align its policies and controls with those regulations. There are seven domains in the framework, and each has its own challenges. There are issues and challenges in implementing a security policy framework, and there are ways to overcome these problems.
are limited in some sectors because these MNCs are powerful and less regulated, and therefore have little incentive to invest in the training and education of their workers. In addition, instead of forming joint ventures with local firms, MNCs usually set limited
Security plays a major role in both the business and government worlds. We will discuss the legal aspects of organizational security management, both the positive and negative influences on organizational security, and the consequences that both business and government operations will have to overcome if they fail to achieve their security goals and objectives. The value that private security management brings to businesses will also be discussed.
The current objective is to provide the medium-sized insurance organization with the most effective draft of an IT security policy framework. In reviewing the literature, it is clear that recent implementations of the COBIT model have proven successful in maintaining an efficient and productive organizational IT structure. As such, it is recommended that COBIT serve as the primary model for the foundation of the proposed IT security policy framework.