Management And Information Security


Introduction

Information security management is the process by which a reasonable, defined level of safety can be achieved for information and IT services. The level of information security is defined by the customers of IT services, by legal requirements and by the promise of the manufacturer. To guarantee a certain level of security, there is an agreed service level agreement. The information security management process has the task of continuous planning, implementation and evaluation of security measures to maintain the defined level of information security (Wittig & Heyer, 2006). Security measures can relate to staff, the organization, the infrastructure and technology. Another task is the appropriate response to security breaches. This paper focuses on some aspects of information security and management, and answers several questions in this regard.

Discussion

Management and information security play an important role at the organizational level, whatever the field. The objectives of information security are:

Prevent security breaches through clear and considered security management that takes any dependencies into account

Adequate and well-planned response to security breaches

Merging the security requirements and business needs

Creation of the security plan, including the documentation of requirements

Establishing tolerances for defining an acceptable residual risk

Consideration of strategic, tactical and operational environment

Question 1

The Extended Characteristics of the Principles of Information Security Management: the Six Ps

Information is a valuable asset for every company. It does not matter whether it is processed in printed form, as an electronically stored document, or by e-mail or other communications. An organization's valuable information can be exposed to constant threats and risks. In order to manage this situation effectively, organizations should implement an information security management system (ISMS) (Enkhbold & Niels, 2011). With an international standard on the basis of implementation of innovative technologies, organizations can ensure the safety of their information, manage it and continuously improve it. The following are the six Ps of information security management:

Planning

Policy

Programs

Protection

People

Project Management

With the development of information technology and the internet came new threats such as viruses, spyware, hacker intrusion, theft of credit card numbers, identity theft and industrial espionage, which may expose the institution to loss of competitiveness and reputation and to large financial losses. More and more often we hear about incidents of breach of information security. In many institutions, events can be observed that, as a result of workers' lack of awareness, may lead to distortion, disclosure or loss of important information. Examples of this are poorly prepared or processed data (such as accounting, finance, or project data), loss of data media (laptops, sticks, CDs, memory cards, flash media), sticky notes with passwords stuck to the monitor, monitors facing the clients, documents lying on the desk where they can be taken by an unauthorized person, documents containing important information discarded in the trash, etc. (Chen, Reid & Sinai, 2008). The risk of information loss increases with increasing volumes of information and the use of increasingly sophisticated technology.

Question 2

Planning is the definition of objectives and the functioning of the organization, as ...