Reference no: EM13763469
Question number 1.
Information Security Policy. An Information Security Policy is the cornerstone of an Information Security Program. It should reflect the organization's objectives for security and the agreed upon management strategy for securing information.
In order to be useful in providing authority to execute the remainder of the Information Security Program, it must also be formally agreed upon by executive management. This means that, in order to compose an information security policy document, an organization has to have well-defined objectives for security and an agreed-upon management strategy for securing information. If there is debate over the content of the policy, then the debate will continue throughout subsequent attempts to enforce it, with the consequence that the Information Security Program itself will be dysfunctional.
Many organizations struggle with writing applicable policies that are relevant to their changing environments. There are a plethora of security-policy-in-a-box products on the market, but few of them will be formally agreed upon by executive management without being explained in detail by a security professional. This is not likely to happen due to time constraints inherent in executive management. Even if it was possible to immediately have management endorse an off-the-shelf policy, it is not the right approach to attempt to teach management how to think about security. Rather, the first step in composing a security policy is to find out how management views security. As a security policy is, by definition, a set of management mandates with respect to information security, these mandates provide the marching orders for the security professional. If the security professional instead provides mandates to executive management to sign off on, management requirements are likely to be overlooked.
Why do you think many organizations struggle with writing policies?
Question number 2.
In the attached white paper it states:
As computers become more commonplace in homes, and more necessary in businesses of all types, the incidence of information security related breaches has grown accordingly. Where once only large corporate environments were susceptible to attack, increasingly individuals and small business networks are being targeted. It is not, however, only from outside that these attacks originate; consider the following scenario:
"A man comes home from work and sits down at the family computer to update his checkbook. After double-clicking on the program icon, he receives a message that his data file cannot be found; further searching reveals that the file no longer exists. Asking his wife if she knows anything about the problem, he is told, 'The kids were playing around on the computer earlier today.' Interrogation of his children reveals that they had deleted his checkbook file because they '...needed more space on the hard drive for games.'"
While this illustration is not based on any known incident, it is certainly a plausible situation, and demonstrates the need for information security even at the individual level. What can be done to mitigate the risk of an information security incident, and how should people approach the task? After reading the attached white paper, do you feel the information that is connected to the Internet can ever be secure? Will we ever be able to mitigate vulnerability to an acceptable level?