Security Legislations and Standards - Essay Example

?SECURITY LEGISLATIONS AND STANDARDS Security Legislations and Standards Affiliation According to Chew et al (2008), the need to determine information security performance is generated due to some economic, regulatory and organizational reasons. In this scenario, various available policies, rules and guidelines check performance measurement generally, and information security performance measurement primarily, as a basic requirement. Some of the well known examples of these rules and regulations comprise the Clinger Cohen Act, the GPRA (Government Performance and Results Act) and FISMA (Federal Information Security Management Act). Seeing that these rules, policies, and regulations are very important for the measurement of information security, thus including them for the information security performance management is useful for the businesses (Chew, Swanson, Stine, Bartol, Brown, & Robinson, 2008). This paper discusses the various aspects of Security Legislations and Standards. Legislations and Standards Serving their Purposes Global information security management guidelines play a significant role in organizing and determining organizational information system security. In this scenario, organizations use various rules and guidelines (such as BS ISO/IEC17799: 2000, BS7799, SSE-CMM and GASPP/GAISP) in order to determine and compare how authenticated their strategies are, and how extensively they are implemented. However, it is discovered that BS ISO/IEC17799: 2000, BS7799, SSE-CMM and GASPP/GAISP were general or common in their scope; as a result they did not focus on the dissimilarities exist between organizations and the reality that their safety needs are exceptional. In addition, according to the research those security strategies were authenticated by application to extensive capability thus it was not a dominant foundation for significant global information security strategy. Thus, to cope with these limitations, it is assessed that information security management strategy should be observed as a library of policies material on information safety management for the committed companies (Siponen & Willison, 2009). In this scenario, organizational directed security standards are different in intensity of concept. In addition, they differ from slack structures for security management (for example GMITS), to a record of security essentials i.e., " perform that, don’t carry out that" (for instance standards like BS7799 1993, IT Protection guide 1996), that look like those in list of tasks or responsibilities (for instance "clients should implement passwords whose length is more than 8 characters) that inserted security to information system in a mark in the pack way. Furthermore, development standards also encompass a public level function, as they offer the safety “development” rank to the business (Siponen & Willison, 2009). How to enforce these Legislations and Standards? The legislation and standard of ‘good practice’ for information security is the leading influence on information security. Additionally, it ensures information security by following a company’s viewpoint, as well as offers a realistic establishment for evaluating corporate data and information systems’ security. In order to effectively implement security management standards and techniques we first need to see the nature of security issues and dangers which an organization is currently facing. In this scenario we need to assess some important security issues those need to be managed and handled through simple security solution. For the management and neutralization of serious security and privacy management aspects we need to build and implement an effective business management policy that could effectively oversee security and privacy related aspect. In this scenario, the basic aim of information security management and standard enforcement is to react against the needs of global security management associations. Another aim is to focus on developing some useful strategies for better handling and managing the security related areas. These are also aimed to imitate the majority of modern thoughts in information management and security based policy application. Furthermore, the information security legislations and standard are becoming associated with other standards, like that COBIT v4.1, ISO 27002 (17799) and PCI/DSS (ISF Security Standards, 2007). How to develop Security Rules and Regulations? Information security legislations and standards are developed by corporations’ IT managers and security administrators. In this scenario the basic aim of these people is to develop such policy that could enhance the corporate working and operational performance. Moreover, for the development of such legislations and standards for business information, data security and policy enforcement business IT manager is aimed at improving the overall system privacy and assuring the better utilization of corporate information resources (Bruhn & Petersen, 2003). Difficulties in making security legislations and standards We can face various difficulties and challenges while developing and implementing legislations and standards. In this scenario the most important issue could be related to cost of such security management policy and standard development and implementation. In addition, we can face security policy and standard governing aspects and issues. Next we could have the suitable management issues in case of security policy and standard development and application at all the levels of organizations. In this scenario, most of the corporate arrangements do not encompass effective human resources in order to properly manage and handle such security legislations and standards. In addition, these factors also demand management’s extensive concentration for the enforcement of such standards. Moreover, there is a dire need to deal with continuously increasing security dangers. In this scenario we need constant improvement and development programs that need additional cost and resource for enhanced management of security legislations and standard development and their practical implementation (Bruhn & Petersen, 2003). References Bruhn, M., & Petersen, R. (2003). Policy Development for Information Security. Retrieved March 20, 2011, from http://net.educause.edu/ir/library/pdf/pub7008i.pdf Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., & Robinson, W. (2008, July). Performance Measurement Guide for Information Security. Retrieved March 19, 2011, from National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf ISF Security Standards. (2007). About the Standard of Good Practice. Retrieved March 18, 2011, from http://www.isfsecuritystandard.com/SOGP07/index.htm Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions . Information and Management Volume 46, Issue 5, pp. 267-270. Read More