Due to globalization and gains, more and more enterprises are becoming reliant on the Internet and information systems. But this reliance comes with information security risk. Organizations have become aware of security breaches and attacks due to vulnerabilities, technical issues, etc. and are investing in IS measures (Bojanc & Jerman-Blazic, 2013).
As per Glazer (1993, as cited in Doherty & Fulford, 2005), information is a strategic asset for organizations, used in strategic planning, daily process control and judgements.
The paper provides a comprehensive study of existing literature to sketch a clear picture of the vital fundamentals of protecting enterprise information assets. The paper spotlights the need for ‘gap analysis’ between ...
... middle of paper ...
...d party contracts should have security policies documented when accessing business information (Alexander et al., 2013).
Top management should be involved in, and should stay with, security decisions. This is critical because most decisions concern outsourcing and partner firms (Johnson & Goetz, 2007).
2.2.5 Information Security Risk management
Risk management means identifying risks, assessing their probability and then using measures to reduce them. The objective of IS risk management is to specify the relevant controls. The selection of IS controls for risk management depends upon certain factors like initial implementation and maintenance costs, global acceptance of controls for multinational enterprises, etc. (Peltier, 2013).
Risk assessment comes under BIA (business impact analysis) and involves gauging the probability of a threat and the losses it would cause (Alexander et al., 2013).
- According to Wilshusen, an information systems security plan refers to a formal plan that gives descriptions of the plan of action to secure an information system of an organization or business enterprise. The plan offers a systematic approach and methods for safeguarding information technology items of an organization from being accessed by unauthorized users, and guards against viruses and worms in addition to any other incidents that may jeopardize the underlying information system’s security (Wilshusen, 2011).... [tags: Information security, Computer security, Security]
1380 words (3.9 pages)
- Question One A security program needs to be layered at every level of the organization. Having a layer of security missing in the program could result in the jeopardizing of the entire framework. Each layer is meant to support and protect the other layers set in place. (Harris, 2012, p. 35) According to SANS Institute there are at least five elements that are crucial to a security program. The first element is to periodically assess risk. In this element, the goal is to compile and understand the risks from a completed threat assessment, vulnerability assessment, and asset identification.... [tags: Information security, Security, Computer security]
881 words (2.5 pages)
- ... It is up to the organization to determine what levels of access or levels of restriction should be in place on employees and contractors post-hire. These levels should be identified prior to the hiring process to drive how thorough the candidate screening should be. The amount of background checks and reference checks for a waiter at a restaurant may not be as thorough as those of a candidate for a network engineering role in the restaurant’s corporate headquarters IT department. Once a position’s scope of work and access has been determined, the job must be posted to receive responses from interested candidates.... [tags: organization's human resource department]
994 words (2.8 pages)
- Information security refers to all of the approaches and policies designed to protect a corporation’s information and facts machine from unauthorized access, use, disclosure, disruption, modification, or destruction. It's a standard term that may be used regardless of the shape the data might also take. As for information protection, people typically divide it into two components, which are IT safety and facts assurance. Sometimes referred to as computer security, information technology security is information security applied to technology, which is most often some form of computer system.... [tags: Computer, Computer security, Information security]
983 words (2.8 pages)
- Institutions of higher learning are increasingly using Information and Communication systems in administration, teaching, learning and research. This infrastructure needs to be available, secure and well protected. It therefore becomes crucial for information security practitioners in public universities to implement effective information security programs. Information security focuses on technological issues and important elements of an organization such as people, process, business strategies etc., which also mandates the need for information security.... [tags: Information security, Security, Computer security]
1097 words (3.1 pages)
- The famous cryptographer Bruce Schneier once said that “[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Schneier, 2000). The practice of Information Security Management is employed by businesses through a variety of standards, best practices, and frameworks to combat this issue. Their adoption of best practices in the public domain allows businesses to strive for improvements through their own interpretation. These best practices are sourced from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma, or ITIL.... [tags: Information security, Security]
1160 words (3.3 pages)
- Information security for modern enterprises Nowadays, the life of a person has totally changed due to technology, and in this the internet plays an important role in giving the new lifestyle. In this new generation everything is done over the internet within seconds, no matter how large or small the work is. In every business, securing enterprise information has never been more challenging, because the new generation is fully educated in technology and revolutions. Technology has set its main goal on the youth of every nation all around the world because they are sharp minded.... [tags: Security, Information security, Computer security]
1381 words (3.9 pages)
- Security requirements of the organization First we will ensure that the system is physically secured. The room that will house the server will be in a secured area with multi-leveled security such as a keypad and additional locks. The room will have an air conditioner to ensure that the system remains cool and secured. Once the routers have been configured and secured, the next thing we will put in place is ACL list. This list would restrict movement and access to files that are not related to the job description.... [tags: Information Technology ]
1046 words (3 pages)
- Reasonable Security Standard A “reasonable security” standard can provide specific requirements that every operation of an information system is to ensure protection of data as well as networking communication of hardware and software. The development of a reasonable security standard should be a collaboration of developments that’s derived from the industry and the government. The key is to provide a basic security standard for all information systems across industries that can be rightfully implemented and governed throughout the country.... [tags: Computer security, Information security, Security]
725 words (2.1 pages)
- The quick development in the field of technology made it important for all big businesses to implement such technology in their industry procedures, so that competitive benefits over others can be accomplished. The following paragraph contains a brief description of information technology security in general. With the increasing benefits of implementing the technology in business places, most business organizations have identified such technology as one of the crucial aspects for achieving success.... [tags: Information security, Security, Computer security]
1025 words (2.9 pages)