Information Security Governance Description

1130 Words3 Pages
bulb-icon

Recommended: Importance Of Information

In a company, a senior management needs to address management tasks and have an information security governance. The information security governance (ISG) is a way for a company to protect information in the information systems. According to Grama, the responsibility of the ISG falls on the executive management team to protect the information assets, (p. 373, 2011). The company will need to have its information security goals align with its business needs to help protect information. For example, a company needs to make a profit to stay in business and it should include goals to protect information from hackers. If a company gets a reputation of having security breaches, people would not want to do business with the company and they would lose profits. The CIA triad of confidentiality, integrity, and availability can be used by the ISG to meet the goals. Confidentiality is to protect information by allowing the correct people to have the permissions to access and use information. Integrity makes for the information is accurate and changes cannot be made to the information without the correct permission. Availability is making sure the information systems are always up and that information can be accessed. There are many tasks that senior management needs to address such as to make sure everyone understands the needs for the security of information to be governed. This can be done by informing the board and other senior management who may not be as familiar with information systems, how the threats and damage form the threats can disrupt operations and profits in the company. Another task for senior management to help with the development of the security framework by creating policies, standards, procedures, and guidelines. Thes...

... middle of paper ...

... also need to address external governance in which the company needs to include into their own to conduct business with other companies. A training program will need to be put in place and approved by management and the training program would be easy for employees to understand.

Works Cited

Grama, A. (2011). Legal issues in information security. (p. 373).

Burlington, MA: Jones & Barlett Learning.

Schreier, Jason. (2011 May 23). Sony estimates $171 million loss from PSN hack. Retrieved from http://www.wired.com/gamelife/2011/05/sony-psn-hack-losses/

Tung, L. (5 March 2014). IT security governance: boards must act. Retrieved from http://www.zdnet.com/it-security-governance-boards-must-act-7000026336/

Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 232). Boston, MA: Cengage Learning.

Show More
Related

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • Building A Better Mis Trap Case

    739 Words  | 2 Pages

    In this case, a large health services organization (HSO) in Florida, that has a world-renowned AIDS treatment center had information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and as CEO, you are requested by the board of trustees to come up a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).

    Read More

  • Security At Center Stage: Article Analysis

    713 Words  | 2 Pages

    The article “Security at Center Stage” depicts five secrets to a CSO’s success; it outlines the attributes needed to obtain success in the evolving field of security management. With the evolving role of a CSO there is a great necessity to satisfy all levels of need in the security and business setting. According to the article “Security at Center Stage” a CSO’s success is contingent on being “more that the average techie”, having a “focus on business”, being a “relationship builder”, requiring “an eye toward pervasive security”, and implementing a “dual reporting structure.”

    Read More

  • Indiviual Privacy vs National Security

    1175 Words  | 3 Pages

    Tomescu, Madalina, and Liliana Trofin. "Identity, Security and Privacy in the Information Society." Contemporary readings in law and social justice 2.2 (2010): 307-12. Print.

    Read More

  • HIPAA, CIA, and Safeguards

    1633 Words  | 4 Pages

    Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.

    Read More

  • Ethical Hacking: The Different Types of Hacking

    819 Words  | 2 Pages

    Michael T. Simpson, K. B. (2010). Hands-On Ethical Hacking and Network Defense, 2nd Edition. In K. B. Michael T. Simpson, Hands-On Ethical Hacking and Network Defense, 2nd Edition (pp. 2-6). Boston: Cengage Learning.

    Read More

  • Professional Development

    1362 Words  | 3 Pages

    Important steps in this phase include providing the budget dollars, identifying the full training content and level, selecting the training type, identifying the training provider, and the timing of the training. It is important that we communicate our well-formulated plan throughout the organization. The communication to staff will be clear that management is fully behind the training initiative, and all levels of the organization support it. The training must be communicated to all employees as a must have, from the top down. It is an essential component to the future success of our company.

    Read More

  • Disadvantages and Advantages of Encryption

    647 Words  | 2 Pages

    Arthur Conklin, G. W. (2010). Principles of Computer Security: CompTia Security+ and Beyond. Burr Ridge, Illinois: McGraw-Hill.

    Read More

  • The Importance Of IT Governance

    1336 Words  | 3 Pages

    IT governance is an important concept in the information technology. The IT governance structure lays out the level of authority, decision-making process and the way issues are resolved. It ensures that companies stay on track to achieve their strategies and goals, implement good ways to measure IT’s performance, and shows what key metrics management needs and what return IT is giving back to the business from the investment it’s making (Schwartz K, 2007). IT governance helps to achieve cooperation between business and IT, and IT involvement of senior management (De Haes S, 2014).

    Read More

  • Importance of Training and Mentoring

    1227 Words  | 3 Pages

    We believe that, as a means for you as our employee to expand into a winning professional, two types of schooling in business and interpersonal maturity should be in place. We understand that business is important. However, the success of a business is contingent on our employees’ personal and professional development. We want our employees to have fun in their daily work and in their training. Objective of the Training The reason for the training program is to pair the trainee with a mentor in order for the trainee to become more knowledgeable about the products and services that we provide. With a mentor, the trainee has instant access to a person who can answer questions and concerns. The training program provides the trainee with other important information including the following: the company history, features and benefits, compliance standards, contract related training, computer/software training, leadership training, customer service, communication, and regulations.

    Read More

  • CyberCrime: Preventing the Horrific Crimes on the Internet

    1424 Words  | 3 Pages

    Harvey, Brian. A. Computer Hacking and Ethics. Ed. Paul Goodman, P.G., a.k.a. Electrical Engineering and Computer Science.

    Read More

  • Increase of Internet Piracy and Hacking

    1005 Words  | 3 Pages

    Wehner, Mike. “Sony lost $171 million due to PlayStation Network downtime”. Tecca. Tecca, 23 May 2011. Web. 27 March 2012.

    Read More

  • Information Security Polices

    906 Words  | 2 Pages

    Information security policy is crucial to information safety. Lack of a security policy is an evidence of lack of direction and amounts to anarchy. The areas that should be touched by security policies include business and operations. The senior management is required to back securities policies and ensure it is succinctly written in order to avoid marginalization of information security efforts (Puhakainen, 2006). If senior management fails to openly support the policy, implementation may be difficult because it is the management that provides funds and guidelines for further

    Read More

  • Strictest Code Of Ethics Essay

    1234 Words  | 3 Pages

    In 1986, Richard Mason defined the necessary ethical guidelines for proper and moral handling of information, and the technology that supports that information. He defined these ethical guidelines as PAPA, which refers to Privacy, Accuracy, Property, and Accessibility (Mason, 1986). With the rapid expansion of information technology, these core ethical principles have become more important than ever, in both personal and professional environments. Unfortunately, the rapid expansion of information technology presents a host of new and unprecedented challenges to these ethical strategies. As an aspiring network administrator, adherence to this core code of values is imperative. Despite the fact that the Fourth Amendment to the Constitution was designed to protect the privacy of individuals, new methods, laws, and policies are necessary to protect the privacy of information. Likewise, accuracy is essential as a student of information technology, as well as in the networking industry. Furthermore, in an age where intellectual property is often far more valuable than physical property, ethical concerns regarding property must be analyzed, and addressed in a proper manner. Finally, as a network

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

More about Information Security Governance Description

Open Document