The Practice Of Information Security Management Essay example

Length: 1160 words (3.3 double-spaced pages)

The famous cryptographer Bruce Schneier once said that “[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Schneier, 2000). The practice of Information Security Management is employed by businesses through a variety of standards, best practices, and frameworks to combat this issue. Their adoption of best practices in the public domain allows businesses to strive for improvements through their own interpretation. These best practices are sourced from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma, or ITIL. The frameworks “exist to help organizations assess their security risks, implement appropriate security controls, and comply with governance requirements as well as privacy and information security regulations” (Saint-Germain, 2005, p. 60). ITIL is defined as the Information Technology Infrastructure Library that serves as a governance framework of Information Technology Service Management (ITSM). ITSM enables the business through the support of IT services. MGMT 7 dedicates an entire chapter to the management of information. The strategic importance of information is stressed and organizations must take the proper measures to protect that data. A successful implementation of ITIL’s ISM process with the support of ISO standards will allow for effective risk management of security issues that an organization may encounter.
To fully understand how ITIL supports ISM practices, a deeper look at how ITIL came into fruition and how it works is due. The framework has gained popularity due to its vendor-neutral policies that are not tied to any commercial company (ITpreneurs, 2014, p. 15). Other reas...


... middle of paper ...


...implementations
3. Check. Monitor and review the ISMS
   a. Assess operational risk
4. Act. Maintain and improve the ISMS
   a. Measure and monitor (Tipton & Krause, 2008, p. 20)


Considering the ITIL – ISO article ISO Standards supplement to

Structure of the ISMS compared to ITIL



, ITIL details the steps to be taken through individual processes
By following the successful processes So what defines a service? and customers

All in all, organizations will continue to face issues arising from a lack of security or an improperly managed security system. Something about risks. By successfully employing Information Security Management through the adoption of standards, best practices, and frameworks, ISM will allow organizations to better prepare for security issues that may arise. Successfully implementing ITIL’s ISM process with the support of ISO standards can achieve
