Information Security Planning - Essay Example

The company needs to be prepared to combat virus attacks, ingress of unsolicited visitors and possible attacks by competitors on the company's information bank. To provide a safe and working repository of information, it is essential that the company has a well-planned security policy in place. 2. The information security should be compliant to IS 17799 standards. This would bring about periodic security audits and would also ensure that there is a clear security policy in line with the objectives of the company. 3. To ensure that there are a well-defined acceptance criterion and milestones for every security measure and that this adhered to.

And that these criteria and the milestones are in line with the cost and budgeting dictated by the management of the company and to develop a comprehensive information security education policy. 4. To ensure that the company is in a state of readiness to combat potential disasters. Prevention and identification of crime, fraud, and theft in the workplace by ensuring both physical and logical security. A security review or audit is done to identify the existing security, the degree of protection needed, locate the weaknesses in the system and recommend security steps that are needed.

This should also throw out information that has to be secured. Out of the list of jobs that need to be done for the security betterment a priority list is to be made in order of importance for security and the tentative cost for effecting the same. Priorities are laid down based on the company objectives and policies that are critical to company targets. In some of the locations, virus attacks could be frequent and these need to be countered on a priority basis maybe because they are eating out on the productive time of the employees of the company and data get lost.

In some cases, it might be that the data is getting out of the company through physical means in the form of CDs or flash drives. 3Establish the feasibility of implementing.A comprehensive list of jobs that has to be carried out and their feasibility in the company needs to be established and accordingly, the 'what-is-possible' list is produced.4Identify whether the planned actions will fit into the budget.Based on the priority and the feasibility list the plan is further fine-tuned with another constraint namely, the budget.

If the budge should allow then the needed actions may be done, else they get pruned.5The need for security is to be fixed.Based on all these factors, the needs for the security are finally fixed and then the requirements are made into one single list.6Fix the responsibility for implementing.Using this list, it is important that the responsible person for each activity is fixed and the same is implemented through that specific person.7Train the people in the company and create a secure culture.