Nova Southeastern University
Circuits of Power in creating de jure Standards: Shaping an International Information Systems Security Standard
Instructor:
Dr. Gurvirender Tejay
Done By:
Abdullah Elzallal
Due Date:
09/21/2015
Research Problem
Information security is one of the critical fields in the protection of data in all institutions. The quality of an information security department depends on some internal and external factors. An article written by Backhouse, Hsu and Silva in 2006 addressed many factors regarding information system security. The research problem of the paper focused on comprehending how power operates in establishing and institutionalizing standards. According to Backhouse et al. (2006), little is known regarding the impact of power and politics on institutionalizing an informal group comprising security chiefs and setting legal standards for information system security. The authors sought to understand how the circuits of power operate in creating legal standards in information system security (Backhouse, Hsu, & Silva, 2006). Moreover, the research was driven by the desire to understand the role of external contingencies, resources, powerful personnel, and membership of social and institutional groups in enhancing fruitful political outcomes. The study was aimed at identifying and examining the influence of exogenous risks in facilitating the development of a standard from an idea and eventually into an obligatory
When a computer connects to a network and engages in communication with other computers, it is essentially taking a risk. Internet security involves the protection of a computer's Internet account and files from intrusion by an unknown user. Internet security has become an alarming issue for anyone connected to the net. This research paper argues the need for security over corporate intranets that have been dealing with the lack of security within the internet and the numerous attacks and malware threats that hackers use to breach security measures. A corporation uses a private computer network that uses Internet Protocol technologies to securely share any part of an organization's
Organizations with different offices across the world face many trials and tribulations as they try to keep their information secure: the first issue the company might face is legislation. Studies show that different countries in the world are overseen by specific legislation which can conflict with that of other countries in some way, shape, or form. These are some examples of legislation that can conflict with one another: privacy legislation, access and control of information legislation, among other types of legislation. The legislation laws of The United
A sound information security policy begins with an understanding of the current climate, which can consist of policies, regulations, and laws. It is imperative to understand what legislation your line of business must comply with as well as any applicable governance requirements. Beginning with defining what is a policy, a guideline and a standard: a policy provides specific requirements or rules to abide by, which can be either at the governmental level, meaning a statute, and/or an organization-specific directive; also known as administrative law. According to the SANS Institute (n/d), a leading cooperative research and education organization, a standard can be an amalgam of requirements that is applicable to the user body; and a guideline can be considered akin to a recommendation for a best practice (SANS Institute, n/d). Current government policies can be issued by federal, state, local and/or tribal
For example, a clerk will only be able to access a limited amount of information, such as inventory at each store. The limitations will be different for an accountant or the managers. All information will be protected with several different layers of security. The first layers will be simple hardware protection for access to the network; from there the security will increase with password protection and restrictions to users (Merkow & Breithaupt, 2006).
There are three primary goals for an information security metrics program: compliance with legal requirements; reduce risk by adding new or improving existing capabilities; improve efficiency or reduce cost. In order to achieve any of these goals it is extremely important to gather the appropriate data and formulate useful metrics. The need for useful security metrics cannot be overstated, but there can be confusion about what a metric is, and difficulty determining what a useful metric is. As a business USAA has a duty to protect and improve shareholder investments, and of course must comply with all applicable laws and regulations. There are a variety of laws and regulations that dictate security requirements for financial institutions.
All customer information will be stored in the system and accessible to the clerks as read only. Everything is to be password protected and only managers will have the ability to alter said information.
Assess the adequacy and effectiveness of the organization’s IS security policy. In addition, assess whether the control requirements specified in the organization’s IS security standards adequately protect the information assets of the organization. At a minimum, the standards should specify the following controls and require them to be applicable to all information systems:
Sunica Music and Movies, a local multimedia chain with four locations, would like to switch to a centralized network to handle accounting and inventory as well as starting an Internet-based commerce site. The security policy overview shows the new setup will utilize four types of security policies. These policies have set goals that must be met in order to achieve and maintain a successful transition.
Source: Standards come from a government security agency. Being non-compliant for security is a great risk and could lead to losing contracts or being susceptible to losing classified information.
Owner: Essentially the Security Manager will make sure everyone is in compliance, but the employees themselves are also responsible for keeping government project data secure.
All workers of this organization are responsible for ensuring that data is secured appropriately. Senior management is responsible for issuing and endorsing this Security Policy. They recognize the sensitive nature of the data that the organization stores and processes, and the serious potential harm that could be caused by security incidents affecting this data. They will therefore give the highest priority to data security. This means that security matters will be treated as a high priority in making any organizational decisions. This will help Campbell Computer Consulting and Technology Company to allocate adequate human, technical and budgetary resources to data security management and to take appropriate action in response to all violations of Security
Webster characterizes "policy" as a "high-level overall plan embracing the general goals and acceptable procedures". It is by and large acknowledged that an organization's information security policies should be the premise of its information security program. Particularly in the case of global organizations, the requirement for sensible policies and the issues intrinsic in creating them are exceptionally critical. This paper serves as a discussion of some of the most common data security strategy-related matters that are common to global organizations and offers some approaches to resolving them.
The purpose of this IT Security Compliance Policy is to recognize the legal aspects of the information security triad: availability, integrity, and confidentiality as it applies to the Department of State at U.S. Diplomatic Embassies across the globe. This document also covers the concept of privacy and its legal protections for privately-owned information by the U.S. government and government employees' use of network resources. A detailed risk analysis and response procedures may also be found at the end of this policy.
After a company spends the time and money to create network security protocols, it needs to ensure it is doing everything it can to follow the set protocols. With the advancement in technology, companies tend to advance with the technology without fully testing it first. They forget about a fundamental rule that technology can attack information security risks present in everyday business. These new technologies can compromise security that leads to constant security gaps, which always loses business. On the other hand, some companies do not advance at all with newer and enhanced technologies, big mistake!
Security plays a major role in both the business and government worlds. We will discuss the legal aspects of organizational security management. We will discuss both the positive and negative influences regarding organizational security. We will also be discussing what consequences both business and government operations will have to overcome if they fail to achieve security goals and objectives. The value private security management brings to businesses will also be discussed.
Based on knowledge of recommended security best practices and standards, document and communicate the desired future state for security of the ICS.