StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Summary (Information Security Management ) - Essay Example

Cite this document
Summary
1. Comparison of ISO/IEC 27001 and NIST Document Outline ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management. It does not mandate specific information security controls but stops at the level of the management system…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.9% of users find it useful
Summary (Information Security Management )
Read Text Preview

Extract of sample "Summary (Information Security Management )"

Comparison of ISO/IEC 27001 and NIST Document Outline ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management. It does not mandate specific information security controls but stops at the level of the management system. In contrast, NIST provides guidance on design and implementation of new security systems; use it as a supplement to gain a deeper understanding in the background and terminology. ISO/IEC 27001 requires that management should systematically examine the organization's information security risks, threats, vulnerabilities and impacts.

To address those risks that are supposed to be unacceptable ISO/IEC 27001 suggests modeling and application of rational and comprehensive suite of information security controls. Comparatively, NSIT lays out on security management by identifying 17 controls organized into three categories: The Management Control section addresses security topics that can be characterized as managerial. The Operational Control section addresses security controls focusing on steps that are, broadly speaking, implemented and executed by people (as opposed to systems).

The Technical Control section implicates on security controls that the computer system executes. Main advantage of NSIT document is network-based IDSs, which are usually passive devices that do not interfere with the normal operation of a network, are very secure against attack and even made invisible to many attackers. A major weakness here is, Network-based IDSs may have difficulty processing all packets in a large or busy network therefore, may fail to recognize an attack launched during periods of high traffic.

The scope of NSIT is limited as it lacks, especially in the area of time defined as “heavy traffic”. In switches that do provide monitoring ports, often the single port cannot mirror all traffic traversing the switch and Network-based IDSs cannot analyze encrypted information. 2. Best Security Practices at the Microsoft IT’s Information Security (InfoSec) and Yahoo! Infosec at Microsoft implies assessing environment to determine specific network security needs, focusing on establishing a process to identify and analyze security risks on an ongoing basis, the risk of starting projects that are not solving biggest security problems.

Secondly, it emphasizes on network protection revision of firewall installation, to ensure that the precise rules and processes to implement and maintain them are still valid .Thirdly, to protect servers and client, Infosec checks to make sure that up-to-date antivirus software on all of the servers and clients are deployed. It suggests that users should always have a backup and recovery strategy in place to restore services and data in an acceptable period of time. Lastly, environment should be monitored by establishing a proactive strategy that audits network to identify configuration of the systems.

They should meet organizational standards and best security practices. Regular revision of client and server logs to track common attack patterns is also very important. Microsoft implicates threart analysis and modeling, thereafter, eradication of threats using security tools. The steps taken at Yahoo! 1 to protect unauthorized access of the information are different from that at InfoSec.Though no data transmission is guaranteed to be 100% secure, Yahoo suggests using Secure Socket Layer (SSL).

This is a kind of encryption, where an icon resembling a padlock is displayed on the bottom of most browsers window during SSL transactions involving financial services. At the time of making payments using credit cards and other forms, customer has to follow certain verification steps like entering credit card number. The information provided is encrypted securely at servers and is shown only as asterisks.Maintaineance of reasonable physical, electronic and procedural safeguards accorded with federal regulations is another secure storage step. Yahoo! prefers working with vendors and partners to maintain sound security .

The employees who come in direct contact with customers to provide products and services related information are abstained from accessing personal information section. Last but not the least Yahoo conducts company-wide education and training programme to constantly educate employees about information security management. To enhance personal safety Yahoo! recommends customers to be vigilant in choosing passwords with maximum strength, updating antiviruses,spywares while, interacting online with strangers.

Reference 1. Yahoo! Inc. (March 28, 2002). Yahoo! Privacy Policy. Retrieved from http://privacy.yahoo.com/privacy/us/security/details.html

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Summary (Information Security Management ) Essay”, n.d.)
Retrieved from https://studentshare.org/other/1409459-summary-information-security-management-
(Summary (Information Security Management ) Essay)
https://studentshare.org/other/1409459-summary-information-security-management-.
“Summary (Information Security Management ) Essay”, n.d. https://studentshare.org/other/1409459-summary-information-security-management-.
  • Cited: 0 times

CHECK THESE SAMPLES OF Summary (Information Security Management )

The US Department of Veterans Affairs

information security Program Survey: US Department of Veterans Affairs (VA) Executive summary The United States Department of Veterans Affairs (VA) is government powered departmental system for providing services for the wellbeing of military veterans, their families, and survivors.... Recently, the VA has implemented the Continuous Readiness in information security Program (CRISP) to enhance the privacy of information about Veterans and their families.... This information security program greatly fits the VA's FY 2010-2014 strategic plan because this program notably contributes to value optimization and stakeholder satisfaction....
4 Pages (1000 words) Essay

Network Security

ulnerabilities due to designs flaws,poor security management can contribute to the loss of company assets… With the dramatic growth in network reliance also comes the opportunity for illegal and malicious activity.... Vulnerabilities due to designs flaws, poor security management, incorrect implementation, and malicious intent can all contribute to the loss of company assets.... The Internet has become a staple of the business world today It is because of this that a company should remain continually up to date with the latest security measures....
3 Pages (750 words) Case Study

The Unification of Information Security Program Management and Project Management

The breakthrough of the new technology and the aim of any organization or enterprise to achieve development and better service have pushed the unification of information security Program Management and Project Management.... As more organizations follow the trend of the new age, more and more people are learning to navigate in the field of information security so that they can supply each other the competence they need.... In light of the mentioned union, his paper will discuss the risks brought about by the new technology, the tasks to be dealt with in developing the Enterprise information security Program, and the adherence to executing risk management....
5 Pages (1250 words) Article

Information Security Managment

It is working in excess of 3700 stores overall and utilizing in excess of… Tesco works in 13 nations outside the UK. The appraisal of the organization will guarantee that the organization gets to be more secure and more trustworthy and that all the security risks are distinguished and wiped out.... The IT office directed a security review inside the firm to use the methodology and guaranteed successful evaluation of the usage of meetings surveyed by the different departmental heads2....
20 Pages (5000 words) Essay

Business Plan Project for a Security Guard Company SecureIT

The study describes the business plan project for a security guard company SecureIT.... hellip; The company aimed at providing quality security services that will cover the provision of guards to different premises, conducting private investigations and the provision of consultancy services to the customers.... Its marketing strategy focuses on the provision of a website for communication and a high tech system that provides support for gaining the necessary intelligence for security purposes....
9 Pages (2250 words) Case Study

Food Security in Brazil

This work "Food Security in Brazil" describes the management of food and food security in Brazil.... In general, the report will help to come up with better methods of food management and thus increase food security.... The causes of food insecurity in most developing countries are mostly due to poor management and the implementation of policies.... Since food security remains a chronic issue, it is also better to understand the economy of Brazil and how trade enhances food production in the country....
6 Pages (1500 words) Coursework

How Is Information Made Secure and Why Is This Necessary

… The paper “information security – Importance, Internal Dangers, System Administrators, Effective Security Configuration” is a fascinating literature review on information technology.... information security has a very important role in the role of privacy of the data (Brain, 2009).... The field of information security has developed over the years to now where we have many ways of securing data.... The paper “information security – Importance, Internal Dangers, System Administrators, Effective Security Configuration” is a fascinating literature review on information technology....
7 Pages (1750 words) Literature review

Making a Security Strategy for Securing Client Details of BioMed Company

… The paper "Making a security Strategy for Securing Client Details of BioMed Company" is an excellent example of a case study on information technology.... The paper "Making a security Strategy for Securing Client Details of BioMed Company" is an excellent example of a case study on information technology.... The company requires an intelligence security manager to secure information from hackers.... According to the security manager, the company should use private data that will protect its information....
13 Pages (3250 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us