Communications Assignment 2
INFORMATION SYSTEMS SECURITY: A PROPOSED RESEARCH TOPIC
Professor:
Submitted by Student ID
Mohit - 9
Table of contents:
1. Introduction
2. Research Question and Purpose
3. Methodology
4. Planning and organization
5. Conclusion
6. References
Introduction
Information is one of an organization’s most valuable assets. Defense of information assets is necessary to establish and develop trust between the institution and its clients, provide
In particular, small and medium enterprises (SMEs) lack security policies and governance and are therefore exposed to cyber attacks. They do not have a well-defined information security system in place, nor a mitigation policy to defend their information systems during a cyber attack. The purpose of this research proposal is to identify the effectiveness of an organization’s information systems security and the various risks involved with it. Security policies and governance are also part of this research proposal.
RQ1- How does the IS security system used in an organization help to protect critical information?
RQ2- Is the IS security system strong enough to secure employees and customers’ information?
RQ3- What are the various risks associated with an organization’s IS security systems?
RQ4- What are the standard IS policies which an organization should adopt?
RQ5- What are the various generational differences in information security?
RQ6- What are the various mitigation policies adopted by organizations during a cyber attack?
The theoretical framework chosen for this research is the system development life cycle (SDLC). The SDLC originated in the 1960s and held that in order for IS manufacturers to build effective systems, they must follow certain steps (Lai & Tsen, 2013). These steps are
From the Requirements for the Corporate Computing Function, the fifth computing facility fulfillment point reads, “Meet information requirements of management” (Stallings, 2009, p. 58). Stated another way, this component of the Chief Information Officer’s (CIO) mission statement implies that management can use company information for a great many purposes. While the security of all company-owned data is immensely important to the success of the organization, some of the information carries significant value when used by
Moreover, using an information system nowadays is no walk in the park: it brings many new security threats through which a company might lose its confidential data and its financial and personal information.
When considering an IS implementation, an investigation of the system’s current state is needed. This is stage one. The goal here is to address any problems and/or opportunities that are creating a need for a new system to be implemented. After the investigation concludes, organizations need to consider the time and resources it will take to address the issues at hand and ultimately decide if they will be moving forward in the system development life cycle.
Meeting information requirements of management is a key focus for many organizations. Companies are constantly looking for ways to improve how they manage information. Information is essential for any decision-making process and day-to-day operation. Therefore, it is important that information is managed and disseminated properly throughout the organization. Management uses information to establish policy and carry out strategic planning.
The framework provides a roadmap for the implementation, evaluation and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management, and CIOs/CISOs should do. The framework is also flexible enough to apply to different business models. Its benefits are that it identifies cornerstone security practices that nearly all organizations are following and makes recommendations about where in an organization the responsibility falls. Some disadvantages of BSA's framework are that it is still a work in progress and that it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).
In today’s IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may be associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Essential to managing confidentiality and integrity are tools that aid in Identity Management or “IdM”
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value, and everyone has information they wish to keep secret: credit card details, trade secrets, personal information, government documents, and much more. Securitas Operandi™ (2008) stated that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography (encrypting and decrypting data), access controls such as
Limitations of Research: Like all studies, this paper also has limitations. Since information security management is a prominent and growing area, the guidelines may be unstable and quick changes can happen. However, the loss can be overcome if the organization keeps its security policies clear and updates them in a timely manner.
Information is the key to any organization in the world today; it is what makes an organization successful, accurate and proficient in an increasingly competitive market. Without information a company is powerless; it does not know its customers or understand them,
Information security often still plays only a minor role in companies. Many companies neglect aspects such as system misuse, sabotage or even espionage. But by now reality has caught up with them. There are more hacker attacks, especially from abroad, and more espionage by competitors. Therefore, the law requires different approaches to ensure information security. Companies must, for example, ensure that their information-processing systems are protected and kept safe.
Answer: Information security is the practice of defending (guarding) information by considering the CIA Triad principles, which are Confidentiality (authorized access), Integrity (accuracy and completeness) and Availability.
It has long been accepted that constant change is fundamental to IT. While most IT managers understand that change is part of the norm, the organizations that employ them often resist it. Successful IT development calls for having a clear blueprint for proper IT direction of an organization. By using a System Development Life Cycle (SDLC) model and sound best practice methods, an IT manager can define that blueprint and make the best possible IT decisions.
The information given to internal management has to be secured, which improves the board’s oversight role in the company.
While information security has many benefits in our technologically advancing environment, it also comes with its own set of issues. Three of the top issues in keeping information secure are lack of awareness, complacency, and no root cause analysis. Even more recently, we have experienced issues with information security and allegations of election hacking.