StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Information Security Framework - Essay Example

Cite this document
Summary
The paper "The Information Security Framework" highlights that in modern days, cyber-attacks and information security breaches are common and are increasing day by day. Therefore, it is important for all organizations to focus on information security…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.9% of users find it useful
The Information Security Framework
Read Text Preview

Extract of sample "The Information Security Framework"

Recommended sound security control practices (e.g., people, process, technology).
A guide to help reconcile the framework to common and different aspects of generally adopted standards (e.g., COBIT, HIPAA, etc.).
An analysis of risk or implications for each component of the framework.
A guide of acceptable options or alternatives and criteria, to aid in tailoring to an organizations operating environment.
A guide for implementation and monitoring.
Toolset for organizations to test compliance against the framework (HITRUST).
A complete security framework comes down to three well-known basic components: people, technology, and procedures. When these three elements are correctly assembled such as the people, technology, and process fundamentals of an information security program work together to secure the environment and stay consistent with the organization’s objectives. Diagram 1.1 shows the idea of people, processes, and technology. Figure 1.1 The policies and the practices in any organization are established by the Information Security framework. . tics of The Sarbanes-Oxley Act are the Creation of the Public Company Accounting Oversight Board (PCAOB) It is a five-member board that is established by The Sarbanes-Oxley Act to control the auditing profession.

The PCAOB locates and imposes auditing, quality control, ethics, independence, and other related audit reports. New rules for auditors Significant information to the organization’s audit committee must be provided by the auditors. This includes critical accounting policies and practices, alternative GAAP treatments, and auditor-management disagreements. The CPA Auditors are forbidden from performing certain non-audit services for example bookkeeping, information systems design and implementation, internal audit outsourcing services, management functions, and human resource services for audit customers.

Services are not offered to publicly held companies by audit firms. New roles for audit committees Audit committee members must be listed on the organization’s board of directors and be independent of the company. However, At least one member of the audit committee must be a financial expert. The audit committee appoints, compensates, and supervises the auditors, who report directly to them. New internal control requirements Section 404 of SOX needs visibly held companies to issue a report associated with the financial statements that reveal management's responsible for establishing and maintaining enough internal control structure and appropriate control procedures.

The report must also enclose management’s assessment of internal controls. Question 3 The challenges are alarming for management in providing information security. Information system assets are substantial even for small organizations including data 

bases 5 and files related to personnel, company operation, financial matters, etc.

Question 4

After the mapping of the information security framework, it is revealed that the selected framework maps well with the Company’s information security framework. The only dissimilarity between the two frameworks is that the roles and responsibilities of the drivers are different. Even though the company has a suitable information security framework in place but there are a few suggestions as follows:

Training:

To create an invasive security environment, the significant information security to the organization must be widespread. To strengthen the behavioral changes, several approaches may be undertaken. The workforce should be trained in security awareness and suitable Security practices (Sipior & Ward, 2008). Also, consultants should be made responsive to all the policies and procedures.

Password Policy:

The ABC Company has a password policy in place but they have not implemented the Password policy. The password policy is a significant security criterion.

Confidentiality agreement:

No confidential agreements with third-party contractors are present in many cases. For instance, in a few organizations, the consultant has to sign a confidentiality agreement if he joins the client’s location.

Physical security:

Physical security is not available for computer systems. The organization must have some kind of locking system that can help to control stealing PCs or hardware.

Information is considered the core element or vital asset in any organization. A well-established information security framework is needed to protect the information in any organization. However, it is also taking into consideration that in any organization, the information security framework is an ongoing process. To ensure the adequate protection of information resources, continuous enhancements in response to environmental incidences or interviews are required (Ezingeard & Bowen-Schrire, 2007). To assess the capability of current practices, measuring and reporting risks, control issues, and vulnerabilities are compulsory (Purtell, 2007).

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“IT Security Policy Framework Essay Example | Topics and Well Written Essays - 1000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1467074-it-security-policy-framework
(IT Security Policy Framework Essay Example | Topics and Well Written Essays - 1000 Words)
https://studentshare.org/information-technology/1467074-it-security-policy-framework.
“IT Security Policy Framework Essay Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/information-technology/1467074-it-security-policy-framework.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Information Security Framework

Technological Achievements that Led to FISMA and COPPA

It also requires of them to improve The Information Security Framework that is the plan of how they will improve the networks and finally the act includes a set of directives that govern agencies' security responsibilities and how to adhere to the law (NIST, 2002).... This can be seen clearly from the enactment of various legislations that are aimed at protecting security and privacy such as the Federal Information Systems Management Act (2002) and the Children's Online Privacy protection act (1998)....
3 Pages (750 words) Essay

Cloud Computing Storage Issues

These data centers pose several threats and security risk that may impact these data storage machines.... Cloud computing delivers numerous benefits along with many security vulnerabilities that are classified as: Customary security Availability Third Party security Virtual Machine Issues This type of security is associated with the threats applicable on connecting the workstations to the cloud.... Organization's authentication and authorization policy do not addresses cloud security issues....
8 Pages (2000 words) Literature review

Confidentiality, Integrity and Availability Triangle, Information Security Policy

It is quite essential to state that there are various companies that utilize both security models along with an information security framework.... From the paper "Confidentiality, Integrity and Availability Triangle, information security Policy" it is clear that security models generally relate to the various schemes that are enforced and specified for the implementation of the security policies in the organizations.... information security is considered to be the most important aspect in the field of information technology as it widely emphasizes the broad aspect of protection of information along with ensuring unauthorized access....
10 Pages (2500 words) Assignment

Information Security Management Frameworks

The paper "information security Management Frameworks" states that the KDC searches the client's master key depending on the client's password.... It defines essential elements of an effective information security program without infringing the borders of law and other regulations governing it.... The situation gets worse when such vices are channeled toward the information system targeting patients with life-threatening conditions.... The purpose of this program plan is to outline an efficient framework that will guide the healthcare industry in enhancing its cyber security and obtaining appropriate but cost-effective insurance coverage....
4 Pages (1000 words) Essay

Human Factors and the Insider Threat

The paper "Human Factors and the Insider Threat‎" describes that the cyber attacks on the company are increasing, and there is a need to adapt The Information Security Framework.... Cyber security is a framework that enables users to protect their cyber assets by preventing, detecting, countering, and recovering cyber incidents (Mehan, 2008).... They have an effective defense system that monitors the cyber activities of all the employees giving them the security of their personal information....
5 Pages (1250 words) Research Paper

Comparisons of Information Security Management Frameworks

Information management security frameworks are developed and founded on a structured set of independent recommendations, processes as well as practices predominantly from the information security Management System Standard (ISO 27001).... From the paper "Comparisons of Information Security Management Frameworks" it is clear that choosing a specific IT security framework can be informed by more than one dynamic with the form of industry or the requirements of compliance being some of the deciding aspects....
4 Pages (1000 words) Research Paper

The Collection of Digital Information

This makes it possible for external parties to interfere with the information on the company server.... This report examines that various guidelines, which should be considered by a company in developing a business process framework and procedure manual which will help the company to safeguard its digital information which can serve as digital evidence in case of computer crimes.... In formulating and implementing the framework, this research paper presents the guidelines and the policymaking process that should be followed in order to manage digital evidence in the organization (Weber, 2009)....
12 Pages (3000 words) Coursework

Computer Forensics Issues

These digital devices are portable hence can be carried from one place to another interfering with information security.... There has been an increase in cases of digital crimes, resulting from poor information security systems and poor evidence gathering in these organizations.... Moreover, the fact that the small digital evidence is portable means that anyone can get away with it and interfere with the information in the device or the device itself....
13 Pages (3250 words) Report
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us