Module 6 - Reflective Essay Integration and Reflection

Module 6 - Reflective Essay Integration and Reflection

Introduction

Information Security is the backbone of every organization and plays an important role in protecting the assets of any organization; since information security is having a vital role in the economy of all organization therefore management of information security should be the top priority for every organization. Managing information security requires the clear understanding of security laws and standards; it also includes security perception and awareness.

Description

Information Security Standards and their Importance

Major information security standards include ISO Standards, ITIL, COBIT and Payment Card Industry Data Security Standard. ISO Standards include ISO/IEC 27002:2005; policies regarding the management of information security is discussed in this standard, ISO/IEC 27001:2005; this standard discusses the information security management requirements, ISO/IEC 15408; this standard provides the evaluation criteria for the security of information, ISO/IEC 1335; this standard of ISO is related to the IT security management. Among the security standards, a standard named “Payment Card Industry Data Security Standard” is also of worth importance, this standard was basically developed by the credit card companies, it provides with procedure, policies and requirements for information security management, this standard is important because it provides an outline regarding the security network, steps to protect card holder data, regular monitoring and testing of networks and maintaining security policies (www.infosec.gov.hk).

COBIT is also very important security standard and is also the most widely used standard worldwide; this standard is also of worth importance because it covers all the major points related to information security management, it provides plans, procedures, monitoring and evaluation techniques; it is a complete standard (www.coso.org). ITIL (Information Technology Infrastructure Library), it provides the practices that should be adopted by the user for IT Security Management (Arraj. V, 2013).

Information Security Regulations

Regulations and laws regarding information security are followed by every organization, the major US regulations related to information security are SOX (Sarbanes-Oxley Act), COSO (Committee of Sponsoring Organizations of the Treadway Commission), HIPAA (The Health Insurance Portability and Accountability Act), FISMA (Federal Information Security Management Act), FIPS (The Federal Information Security Standards) and others.

SOX is also called as Public Company Accounting Reform and Act for Investor Protection, SOX emphasizes on providing internal control reports, SOX indirectly relates itself to information security management. COSO provides an integrated process for internal controls, it is having five components that are related to control activities, risk assessment and monitoring of processes. HIPAA is related to the electronic health information security and personal health information privacy, HIPAA is important because it provides standards for health information security and also provides guidelines for the record systems that are used for maintaining health information. FISMA is among the very important Legislations regarding the information security, it guides the US Federal Agencies to build and implement plan related to information security. FIPS is also among the important security legislation; it is basically from the series of NIST (National Institute of Standards and Security) and explains the essential requirements of security for the information systems ...