BY Jianing Wu 300365997
Background for the Information Security Policy
Information technology has been developing at an incredible speed since the 20th century and is now recognised and widely used in people’s daily lives: personal profile details on social media, payment details, and even businesses using information technology to make, transfer and analyse their annual income reports. However, as information technology plays an increasingly important role in our lives, how to protect valuable information from being abused has become a topic that people are more concerned about. An information security policy is meant to safeguard three primary objectives: confidentiality, integrity and availability. It consists of three main elements: Authority & Access Control Policy; Responsibilities, Rights and Duties of Personnel; and Security Awareness Sessions. This article aims to discuss the three key elements of the information security policy, as well as data control and transfer.
Authority & Access Control Policy
The first element of the information security policy is the Authority & Access Control Policy. In the information field, an authority and access control system means that valuable data and information assets must be guaranteed to the persons approved to access them and not disclosed to others (Alberts & Dorofee, 2002). Take online shopping as an example: consumers enter their private address details, their order of preference for particular goods and even their total income per year on sellers’ websites, and that data is recorded by retailers so that the subsequent business process can continue. Confidentiality shows that the information and data consumers...
... middle of paper ...
...ne should be aware of the importance of it.
As information security has become more and more of an issue in the past decades, policies should be considered by both individuals and businesses. The Authority & Access Control Policy keeps information safe and prevents it from being abused. Responsibilities, Rights and Duties of Personnel ensures the accuracy of data so as not to cause severe outcomes, and Security Awareness Sessions is an ongoing program that shall be established and maintained so as to ensure that the awareness of each of the business’s staff is refreshed and updated as necessary.
Words count 792
Alberts, C. J., & Dorofee, A. (2002). Managing information security risks: The OCTAVE approach. Addison-Wesley Longman Publishing Co., Inc.
Peltier, T. R. (2005). Information security risk analysis. CRC Press.