preview

IT Security Policy Framework Essay

Good Essays
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to insure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses. The ISO/IEC 27000-series consist of information security standards published jointly by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC). In accordance with ISO/IEC 2700, we begin to define the guidelines to support the interpretation and implementation of information…show more content…
The first challenge is in the user domain. We must train our employees to ensure they are aware of the security policies. Employees need to understand the policies and how it aligns with business goals and mission statement. Another challenge in this area is handling of sensitive information and non-public customer identifying information. In order to be compliant we must have a training program in place that is in line with the regulations. In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information. In addition to the threats and vulnerabilities inherited with wired local area networks (LAN) there are many more risks associated with the use of wireless and mobile technologies. The use of laptops, smartphones, and tablets create vulnerabilities that can fall outside our network securities measure. Attackers will be able to bypass the firewalls and gain direct access to the doctor’s data. Once an intruder has access to the network the intruder will be able to launch denial of service
Get Access