Monday, May 25, 2020

Security Policy Framework For Creating A Security Program

All organizations should have an effective IT security policy framework for creating a security program that meets the organization's need to protect its information and information systems. Many security frameworks can be used to design an IT security program, such as NIST and COBIT, to name a few. It is very important to establish compliance of IT security controls with U.S. laws and regulations; the organization can align its policies and controls with those regulations. There are seven domains in the framework, and each has its own challenges. There are issues and challenges in implementing a security policy framework, and there are ways to overcome these problems.

The IT policy framework is made up of policies, standards, baselines, procedures and guidelines that help protect the organization's information systems. Several frameworks can be used, and three stand out as more widely used: Control Objectives for Information and related Technology (COBIT), the ISO/IEC 27000 series, and the National Institute of Standards and Technology (NIST) Special Publications. An organization that does business internationally may want to look into the ISO/IEC 27000 framework. According to Johnson (2011), there are 12 areas of the ISO/IEC 27000, which are risk assessments and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communication and operations
