Assignment 3.1a
CIS 608
Ethelyn J. Balisteri
Bellevue University
INFORMATION SYSTEMS SECURITY POLICY—HOME USE COMPUTER POLICY IS-POL-100
Information is an asset that, like other important personal assets, is essential to an in-dividual and should be protected. Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown, or spoken in conversation. In whatever form the information takes, or means by which it is shared or stored, it should always be appropriately secured.
Personal Information security is the protection of information from a wide range of threats in order to protect personal information, minimize risk, and maximize prevention of identity theft. Information security is achieved by implementing a suitable set of con-trols, including policies, processes, procedures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and im-proved, where necessary, to ensure that the specific security and personal objectives of are met. This should be done in conjunction with other processes.
The objectives identified in this plan represent commonly accepted goals of information security management as identified by the NIST SP 800 series.
Security Policy
The objective of information security policy is to provide management direction and support for information security in accordance to protect personal
| The security controls for the information system should be documented in the security plan. The security controls implementation must align with the corporate objectives and information security architecture. The security architecture provides a resource to allocate security controls. The selected security controls for the IS must be defined and
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level
internal and external users to whom access to the organization’s network, data or other sensitive
The consumer expects that when using a public computer for a specified task such as printing through a service, that the data or material is protected from other users including employees. When using a public computer for internet surfing, tax filing banking, etc. the general public user does not always think about the threats to security of their own personal information. It is important for the company to protect the users in addition to the users understanding the potential threats that exist when entering personal information.
This policy establishes the guidelines that the organization follows. This would include an acceptable use policy, an authentication policy, and an incident response policy (“The IT Security Policy Guide”, n.d., pg. 6). This policy will reflect the entire organizations security posture, not just the IT department ideas. A strong policy will help employees understand what is expected of them, and explain to customers how their information is protected.
Management defines information security policies to describe how the organization wants to protect its information assets. After policies are outlined, standards are defined to set the mandatory rules that will be used to implement the policies. Some policies can have multiple guidelines, which are recommendations as to how the policies can be implemented. Finally, information security management, administrators, and engineers create procedures from the standards and guidelines that follow the policies.
The organisation maintains policies for the effective and secure management of its information assets and resources.
This policy provides a framework for the management of information security throughout Cañar Networking organization. It applies to:
For example a clerk will only be able to access a limited amount of information, such as inventory at each store. The limitations will be different for an accountant or the mangers. All information will be protected with several different layers of security. The first layers will be simple hardware protection for access to the network; from there the security will increase with password protection and restrictions to users. (Merkow & Breithaupt 2006)
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
Overview The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient, effective, and secure use in support of the City‘s business and its constituents. This document, the Information Security Policy (Policy), defines the governing principles for the secure operation and management of the information
In this phase, the project manager will consider all options. Will the information security policy is needed? What are the benefits of developing information security policy? Will it add up the cost of acquiring the system?
While all of these best practices have a minor role in the information assurance policy development process, the practice for adopting and maintaining a written policy and information security program to protect Non-public Personal Information as required by local, state, and federal laws is the main focus in this regard. ALTA’s stated purpose of this practice is:
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to insure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
Designing a working plan for securing the organization s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which