Weekly Assignment: Security
Jean Robert Robillard
BUSN624: Principles of E-Commerce, APUS
Professor: Alex Lazio
11/27/16

1. Identify and describe the five main steps in establishing a company's security plan.

The IT department of an e-commerce firm must have a security plan to protect its technologies and assess its risks. Laudon and Traver identify five steps in establishing and assessing a company's security plan: risk assessment, security policy, implementation plan, security organization, and security audit. The first step is to assess the security risks and to inventory the e-commerce site's assets by priority. The inventory looks at the type of each information asset and its value to the firm. This step includes accounting for the company's assets, from its design, activities, personnel, machines, devices, payroll, and networks. These assets must be ranked by their priority for the firm. After the audit of the company's assets, the next step is to develop a security policy. In this step, the risks are identified, prioritized, and targeted. The security policy must have objectives to protect the most valuable assets of the company. The third step is the development of an implementation plan to achieve the security plan's goals. The security goals translate into the tools, technologies, policies, and employee procedures. A set of measures is put in place to eliminate risks. The
The security controls for the information system should be documented in the security plan. The security controls implementation must align with the corporate objectives and information security architecture. The security architecture provides a resource to allocate security controls. The selected security controls for the IS must be defined and
Another step involves security checks upon implementation and describes the agency-level threat to the business scenario or the mission. It similarly entails authorizing the information system for processing and, lastly, constant monitoring of the security controls. FISMA and NIST's standards are aimed at offering ways for agencies to achieve their identified missions with security commensurate with the threat (United States Department of Agriculture, 2015). Together with guidelines from the Office of Management and Budget (OMB), FISMA and NIST create a framework for advancing and growing an information security program (SecureIT, 2008). This framework includes control descriptions and evaluation, program development, and system certification and accreditation. The final objective involves conducting the daily functioning of the agency and achieving the agency's articulated objectives with sufficient security commensurate with risk.
Risk assessment and threat assessment should go hand in hand. The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity, and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure that sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and whether that access is required. The security audit should monitor the company's systems and users to detect illicit activity. The security audit should
One of the missions of the U.S. Department of Homeland Security is to protect and preserve the security of cyberspace in the country. The principal objective of this Security Plan is to give instructions and direction to the Department's workers and to help the Department create best practices and strategies for its IT security system.
The purpose of the system security plan (SSP) is to provide an overview of federal information system security requirements and describe the controls in place or planned to meet those requirements for the Department of Health and Human Services. Each SSP is developed in accordance with the guidelines contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards. Through
National legislation and local guidelines influence the development of policies and procedures, which affect everyday work with children and young people.
An effective information security program should include periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. Policies and procedures should be based on risk assessments, should cost-effectively reduce information security risk, and should ensure that information security is addressed throughout the entire life cycle of each organizational information system. The program should also include subordinate plans for providing sufficient information security for groups of information systems, facilities, networks, or individual information systems.
All employees, business associates and vendors will be made aware of the security policies set forth in this document that must be carried out until further notified. The security standards set forth to carry out this plan have been trialed and
The guidelines of NIST 800-30 lay out a step-by-step process on how to ensure security measures for an organization. This very publication addresses information
The third phase of our risk analysis involves implementing the security controls. Security controls are essentially
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
The reader will become familiarised with the term risk and its definitions, specifically the definition from the ISO 31000 standard of risk management and the definition of risk from the criminology crime triangle. Which of these two definitions is the more suitable for use within the security industry will be discussed and evaluated. How and why consequence is important when assessing risk priorities and determining where to allocate resources will be examined and answered.
Designing a working plan for securing the organization's information assets begins by creating or validating an existing security blueprint for the implementation of the security controls needed to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scalable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which
Security plays a major role in both the business and government worlds. We will discuss the legal aspects of organizational security management, as well as both the positive and negative influences on organizational security. We will also discuss what consequences both business and government operations will have to overcome if they fail to achieve their security goals and objectives. The value that private security management brings to businesses will also be discussed.