The "Standard and its Impact on Information and Communication Technology" paper presents a discussion on ISO 27001 standard that is developed by ISO. The objective is to present an analysis of this standard and how it is being used by the companies in order to ensure the security of their assets. …
ISO 27001 Standard and its Impact on Information and Communication Technology
Author Name
School of Computer Science, Engineering and Mathematics
Flinders University of South Australia
PO Box 2100, Adelaide 5001, South Australia
John.Roddick@flinders.edu.au
Abstract
The need to determine information security performance arises from economic, regulatory and organizational reasons. In this scenario, various available policies, rules and guidelines treat performance and quality measurement in general, and information security performance measurement in particular, as a basic requirement. In addition, a large number of standards exist today to allow organizations to set their security priorities and apply measures accordingly. Additionally, many organizations define these standards and guidelines. Some of these standards organizations include the International Standard Organization (ISO), Federal Information Processing Standards (FIPS) and the National Institute of Standards and Technology (NIST). This paper presents a detailed discussion of the ISO 27001 standard, which is developed by ISO. The basic objective of this research is to present a detailed analysis of this standard and how it is being used by companies to ensure the security and safety of their significant assets.
Keywords: ISO, NIST, Standard, FIPS, Security, Privacy.
1 Introduction
With the emergence of new technologies and systems, there has been a lot of progress and development in Information and Communication Technologies and engineering practice. There is no doubt about the positive effects of technological developments on the world’s economy as well as society. But there are also many undesirable and adverse effects seen nowadays, such as misuse of personal information and intellectual property, considerable monetary damage, and possible threats to critical infrastructure, public safety and national security (Burd, 2006). Information is the basic asset of a business and, in ethical terms, can be called intellectual property, which must not be used without authorization from the author of that information.
Cases of security breaches and misuse of private information have been seen in Australia (Tow, et al., 2010), such as the case of Vodafone Hutchison Australia, where customers’ private information was misused (OAIC, 2013). Such incidents have given rise to strict requirements for information security to counter the risks and uncertainties involved, as information is the essence of any business (Tarte, 2003). Putting information security goals into practice is not an easy job; it requires appropriate management and governance to ensure an effective security system in any organization. Accordingly, there must be a well-defined policy and standard, the application of which should be pursued to improve security controls (Berger, 2010).
Dhillon and Backhouse (2000) have contended that in the contemporary setting of society and workplaces, with distributed control and extensive information sharing, systems and technologies are more susceptible to changes and dynamics in the outer environment (Dhillon & Backhouse, 2000). This created the need to build a standard for information security, which resulted in ISO 27001. The purpose of this report is to discuss the aims and structure of ISO 27001 as well as the impact of this policy or standard on ICT and engineering practice. It has two sections: in the first section, the ISO 27001 standard is thoroughly explained, and in the second section, the impact of the standard is discussed with respect to ICT and engineering practice.
2 ISO 27001
ISO 27001 belongs to the ISO 27000 family, a part of the ISO standards. ISO 27000 provides a set of rules and regulations, and guidelines to apply these rules in any organization, which make sure that information technology is properly managed in the organization. Among these, ISO 27001 is primarily concerned with the information security management system. It is grounded on British Standard 7799. It is neutral with respect to technology and to any vendor, and is an information management standard which provides an appropriate way of governance in three portions and recommends the elements present in any successful, well-organized information security management system (ISMS). More than guidance, it sets out important requirements which need to be fulfilled in order to obtain certification or pass the audit. So it explains what is actually demanded from the organization to ensure information security, or with regard to an effective information management system (Calder, 2013).
2.1 Aims of ISO 27001
The ISO 27001 standard has the following aims and objectives (ISO 27001, 2005):
1. It aims to declare and define all the particulars needed to establish, implement, operate, monitor, review, maintain, and improve ISMS documentation in accordance with the organization’s specific risks and the threats it is facing.
2. It also has the objective of specifying the essentials for the application of ‘security controls’, which are also tailored to the requirements of that specific organization.
3. The purpose of the ISMS applied in the organization is to guarantee that satisfactory and balanced security controls are chosen in order to safeguard the most critical asset of the organization, which is “information”.
4. It certifies that the organization’s information is fully secured by fulfilling all the particulars declared in the document, and thus aims to provide assurance to stakeholders.
5. It is made for all kinds of organizations, regardless of their scope, nature, structure, and kind.
2.2 The Structure of ISO 27001
ISO 27001 uses a process approach which must be applied for the development, execution, and monitoring of the information security management system. This process approach is well known as the “P-D-C-A model”. The model’s name is an abbreviation of plan, do, check and act, which is applied to the information security management system procedures. The process has four steps, which are explained below in the context of the information security management system (Calder, 2013).
2.2.1 Plan
This is the planning phase for the information security management system, where the whole system is established. In this phase, the first step is to create the security policy according to the organization’s strategic objectives. Then the objectives, processes and practices with respect to the information security management system are established. All of the planning is done in consideration of risk management and enhancement of information security in order to deliver the best outcomes, in line with the international objectives and practices of the organization.
2.2.2 Do
This is the execution phase of the information security management system processes. In this phase, the whole system is implemented in the organization according to the information security management system policy defined in the first phase. All controls (technical, procedural, human) are also applied in addition to the ISMS processes.
2.2.3 Check
This is the monitoring and appraisal phase, where the executed policy is checked and appraised. The performance of the executed system is evaluated against the information security management system’s defined policy, assessing whether the aims and objectives are met or not. In addition, a performance report along with the experience gained is presented to management for the purpose of performance measurement and review.
2.2.4 Act
In this phase the system is maintained and enhanced. After a careful review of the execution phase, the information security management system is augmented by taking corrective actions and preventive steps. Then all the risks and uncertainties are reviewed and possible solutions are applied, and the policy is updated to include new information. In this way, the information security management system is updated on a continuous basis and continuous improvement is attained.
In this way, the process approach or PDCA model ensures continuous improvement in the information security management system. ISO 27001 is based on the four clauses from the 4th to the 8th clause, where the PDCA model is applied. The structure of ISO 27001 starts with a general introduction, aims and objectives, and an explanation of the scope and application of the information security management system. Here it is explained that the ISMS can be applied to any organization; normative references and basic definitions are then provided in the second and third clauses. Following are the four clauses on which ISO 27001 is based (ISO 27001, 2005):
In the first of these clauses, the PDCA model is required to be applied to the ISMS. The plan for information security is established, executed, monitored and improved on a continuous basis. For establishment of the ISMS, the clause requires that the scope and limitations, a policy according to the organization’s characteristics and nature, and the risk evaluation technique be defined. The possible threats and uncertainties which the organization may face are to be identified according to its nature. The whole risk management plan is developed and then sanctioned by management. The overall plan and implementation documents have to be evaluated and approved by management. All the documents required for controlling reviews and records are defined by the clause, and they need to be maintained.
The fifth clause requires management commitment to the application and evaluation of the information security management system. It is essential for management to be involved in the establishment, implementation, monitoring and review of the ISMS, in order to ensure their commitment to the project. They must ensure the policy is in line with the organization’s strategic objectives and that appropriate communication is established for better implementation. Management has to provide proper resources, and a training budget must also be allocated for the training and development of security personnel.
The sixth clause requires that an internal audit be conducted to make sure that all the requirements and essentials are met by the information security management system applied in the organisation. It is to review whether the ISMS is executed and controlled effectively or not. All roles and responsibilities are defined and also evaluated.
The seventh clause involves management reviewing the whole set of documents from start to end and comparing planned performance with actual performance. In this clause, the management review inputs and outputs are defined and explained.
At the end, the identified flaws are considered and corrective steps are taken to combat them. The clause has also defined some preventive measures. In this way continuous improvement is ensured (ISO 27001, 2005).
3 Impact of this standard in ICT and Engineering
The adoption of ISO 27001 has its impacts on information and communication technologies and engineering practice. There are two chief reasons for which ISO 27001 is useful and critical to adopt. Firstly, security issues have emerged in recent years, such as attackers compromising accounts and collecting sensitive information, and other misuse of information. Secondly, there has been an increase in the requirements of regulatory frameworks for the safety and security of information (Calder, 2013). With such security breaches, information security policy is being demanded everywhere; for example, a healthcare system also requires a security policy for hospitals, as argued by Wiant (2006), and it has a positive impact on information and communication technologies and engineering, as it provides a secure platform to share information (Wiant, 2006). In addition, another study conducted on law firms also showed the importance of a security management system in the organization, as they hold a lot of sensitive information about clients, property papers, and trade secrets (Heikkila, 2009).
ISO has provided a beneficial framework for information security, where adoption of the information security ISO standard highly impacts ICT technologies. As Dutta et al. (2010) have argued, it ensures network readiness, which can be defined as the extent to which a country or whole nation takes benefits from ICT technologies and engineering practices. This entails that information security is important for the whole nation, as the nation can get benefits from ICT technologies if they pose no threats. Thus, the adoption of ISO 27001 can ensure information security and more benefits achieved from ICT technologies (Dutta, et al., 2010; VanWessel & Vries, 2013). Moreover, the importance of cyber security is also realized for the whole country; for that purpose, Australia has focused much on cyber security for national and social security. In Australia, integrated solutions have been developed for the security of information, along with policies and proper governance (Ahmad, 2013). Therefore, these standards are important for ensuring the benefits from ICT and engineering.
4 How to enforce these standards?
Legislation and standards of ‘good practice’ for information security are the leading influence on information security. Additionally, they ensure information security by following a company’s viewpoint, and offer a realistic foundation for evaluating the security of corporate data and information systems. In order to effectively implement security management standards and techniques we first need to see the nature of the security issues and dangers which an organization is currently facing. In this scenario we need to assess some important security issues that need to be managed and handled through simple security solutions. For the management and neutralization of serious security and privacy management aspects we need to build and implement an effective business management policy that could effectively oversee security and privacy related aspects. In this scenario, the basic aim of information security management and standard enforcement is to respond to the needs of global security management associations. Another aim is to focus on developing useful strategies for better handling and managing security related areas. These are also aimed at reflecting the majority of modern thinking in information management and security based policy application.
5 Role of organizations
Information security legislation and standards are developed by corporations’ IT managers and security administrators. In this scenario the basic aim of these people is to develop a policy that could enhance corporate working and operational performance. Moreover, in developing such legislation and standards for business information, data security and policy enforcement, the business IT manager aims at improving overall system privacy and assuring better utilization of corporate information resources.
6 Conclusion
The report has presented an overview of the ISO 27001 standard, which aims to provide an information security management system to ensure the security and safety of the most important asset of the organization, that is, information. The aims and structure of ISO 27001 have been comprehensively studied. The report has also discussed the impact of this standard on ICT technologies and engineering practice, where it is suggested that with adoption of the security standard, the benefits from ICT technologies and engineering practices can be achieved far more than without adopting the ISO standard.
7 References
Ahmad, A., 2013. Cyber Security- An Australian Perspective on strategy and governance, s.l.: s.n.
Berger, D., 2010. Introduction to the Management of Information security. In: D. Garza, ed. Management of Information Security. 3rd ed. Boston: Course Technology, pp. 1-36.
Burd, S. A., 2006. The Impact of Information Security in Academic Institutions on Public Safety and Security: Assessing the Impact and Developing Solutions for Policy and Practice, New York: U.S. Department of Justice.
Calder, A., 2013. Information Security & ISO 27001, London: IT Governance Ltd.
Dhillon, G. & Backhouse, J., 2000. Information System Security Management in the New Millennium. Communications of the ACM, 43(7), pp. 125-128.
Dutta, S., Mia, I., Geiger, T. & Herrera, E. T., 2010. How Networked Is the World? Insights from the Networked Readiness Index 2009–2010, s.l.: The Global Information Technology Report.
Heikkila, F. M., 2009. An analysis of the impact of information security policies on computer security breach incidents in law firms, s.l.: The ACM Digital Library.
ISO 27001, 2005. Information technology — Security techniques — Information security management systems — Requirements, Geneva: ISO copyright office.
OAIC, 2013. Guide to information security, Canberra: The Office of the Australian Information Commissioner.
Tarte, J., 2003. The Need for Information Security in Today’s Economy, Bangalore: SANS Institute.
Tow, W. N.-F. H., Dell, P. & Venable, J., 2010. Understanding information disclosure behaviour in Australian Facebook users. Journal of Information Technology, 25(1), pp. 126-136.
VanWessel, R. M. & Vries, H. J. d., 2013. Business Impacts of International Standards for Information Security Management. Lessons from Case Companies. Journal of ICT Standardization, 1(1), pp. 25-40.
Wiant, T. L., 2006. Information security policy's impact on reporting security incidents. Computers & Security, 24(6), pp. 448-459.