Information Security Governance Description

1130 Words3 Pages
bulb-icon

Recommended: Importance Of Information

In a company, a senior management needs to address management tasks and have an information security governance. The information security governance (ISG) is a way for a company to protect information in the information systems. According to Grama, the responsibility of the ISG falls on the executive management team to protect the information assets, (p. 373, 2011). The company will need to have its information security goals align with its business needs to help protect information. For example, a company needs to make a profit to stay in business and it should include goals to protect information from hackers. If a company gets a reputation of having security breaches, people would not want to do business with the company and they would lose profits. The CIA triad of confidentiality, integrity, and availability can be used by the ISG to meet the goals. Confidentiality is to protect information by allowing the correct people to have the permissions to access and use information. Integrity makes for the information is accurate and changes cannot be made to the information without the correct permission. Availability is making sure the information systems are always up and that information can be accessed. There are many tasks that senior management needs to address such as to make sure everyone understands the needs for the security of information to be governed. This can be done by informing the board and other senior management who may not be as familiar with information systems, how the threats and damage form the threats can disrupt operations and profits in the company. Another task for senior management to help with the development of the security framework by creating policies, standards, procedures, and guidelines. Thes...

... middle of paper ...

... also need to address external governance in which the company needs to include into their own to conduct business with other companies. A training program will need to be put in place and approved by management and the training program would be easy for employees to understand.

Works Cited

Grama, A. (2011). Legal issues in information security. (p. 373).

Burlington, MA: Jones & Barlett Learning.

Schreier, Jason. (2011 May 23). Sony estimates $171 million loss from PSN hack. Retrieved from http://www.wired.com/gamelife/2011/05/sony-psn-hack-losses/

Tung, L. (5 March 2014). IT security governance: boards must act. Retrieved from http://www.zdnet.com/it-security-governance-boards-must-act-7000026336/

Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 232). Boston, MA: Cengage Learning.

Show More
Related

  • Building A Better Mis Trap Case

    739 Words  | 2 Pages

    In this case, a large health services organization (HSO) in Florida, that has a world-renowned AIDS treatment center had information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and as CEO, you are requested by the board of trustees to come up a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).

    Read More

  • HIPAA, CIA, and Safeguards

    1633 Words  | 4 Pages

    Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 264). Boston, MA: Cengage Learning.

    Read More

  • Security At Center Stage: Article Analysis

    713 Words  | 2 Pages

    The article “Security at Center Stage” depicts five secrets to a CSO’s success; it outlines the attributes needed to obtain success in the evolving field of security management. With the evolving role of a CSO there is a great necessity to satisfy all levels of need in the security and business setting. According to the article “Security at Center Stage” a CSO’s success is contingent on being “more that the average techie”, having a “focus on business”, being a “relationship builder”, requiring “an eye toward pervasive security”, and implementing a “dual reporting structure.”

    Read More

  • Primary Responsibilities of a Private Security Manager

    1019 Words  | 3 Pages

    Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.

    Read More

  • Ethical Hacking: The Different Types of Hacking

    819 Words  | 2 Pages

    Michael T. Simpson, K. B. (2010). Hands-On Ethical Hacking and Network Defense, 2nd Edition. In K. B. Michael T. Simpson, Hands-On Ethical Hacking and Network Defense, 2nd Edition (pp. 2-6). Boston: Cengage Learning.

    Read More

  • Biometric Technology

    1204 Words  | 3 Pages

    Nowadays, the information is the most treasured asset in an organization, due to it along with the experience represents the input necessary to take appropriate decisions and consequently to have success in the business. Almost all the information and knowledge related with the processes business, goods and services offered by a company, is processed, managed and stored through technology and information systems, thus the security of information has become increasingly important and plays a critical role in the enterprise government.

    Read More

  • Professional Development

    1362 Words  | 3 Pages

    Important steps in this phase include providing the budget dollars, identifying the full training content and level, selecting the training type, identifying the training provider, and the timing of the training. It is important that we communicate our well-formulated plan throughout the organization. The communication to staff will be clear that management is fully behind the training initiative, and all levels of the organization support it. The training must be communicated to all employees as a must have, from the top down. It is an essential component to the future success of our company.

    Read More

  • The Importance Of IT Governance

    1336 Words  | 3 Pages

    IT governance is an important concept in the information technology. The IT governance structure lays out the level of authority, decision-making process and the way issues are resolved. It ensures that companies stay on track to achieve their strategies and goals, implement good ways to measure IT’s performance, and shows what key metrics management needs and what return IT is giving back to the business from the investment it’s making (Schwartz K, 2007). IT governance helps to achieve cooperation between business and IT, and IT involvement of senior management (De Haes S, 2014).

    Read More

  • Disadvantages and Advantages of Encryption

    647 Words  | 2 Pages

    Arthur Conklin, G. W. (2010). Principles of Computer Security: CompTia Security+ and Beyond. Burr Ridge, Illinois: McGraw-Hill.

    Read More

  • Risk Management Strategies

    1713 Words  | 4 Pages

    This report aim to explain how is achieved risk control through strategies and through security management of information.

    Read More

  • Information Security Polices

    906 Words  | 2 Pages

    Users who do not care about information security end up losing their important and confidential information. This is because lack of proper information security exposes information to unwanted interference. Puhakainen (2006) believes that information technology users should be educated about the critical aspects of information security and be helped to access such in order to ensure data protection. Implementing strong information security prevents data from hacking and other crimes related to information technology. 2.4 Importance of Information Security

    Read More

  • Importance of Training and Mentoring

    1227 Words  | 3 Pages

    We believe that, as a means for you as our employee to expand into a winning professional, two types of schooling in business and interpersonal maturity should be in place. We understand that business is important. However, the success of a business is contingent on our employees’ personal and professional development. We want our employees to have fun in their daily work and in their training. Objective of the Training The reason for the training program is to pair the trainee with a mentor in order for the trainee to become more knowledgeable about the products and services that we provide. With a mentor, the trainee has instant access to a person who can answer questions and concerns. The training program provides the trainee with other important information including the following: the company history, features and benefits, compliance standards, contract related training, computer/software training, leadership training, customer service, communication, and regulations.

    Read More

  • Increase of Internet Piracy and Hacking

    1005 Words  | 3 Pages

    Wehner, Mike. “Sony lost $171 million due to PlayStation Network downtime”. Tecca. Tecca, 23 May 2011. Web. 27 March 2012.

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

  • Strictest Code Of Ethics Essay

    1234 Words  | 3 Pages

    In 1986, Richard Mason defined the necessary ethical guidelines for proper and moral handling of information, and the technology that supports that information. He defined these ethical guidelines as PAPA, which refers to Privacy, Accuracy, Property, and Accessibility (Mason, 1986). With the rapid expansion of information technology, these core ethical principles have become more important than ever, in both personal and professional environments. Unfortunately, the rapid expansion of information technology presents a host of new and unprecedented challenges to these ethical strategies. As an aspiring network administrator, adherence to this core code of values is imperative. Despite the fact that the Fourth Amendment to the Constitution was designed to protect the privacy of individuals, new methods, laws, and policies are necessary to protect the privacy of information. Likewise, accuracy is essential as a student of information technology, as well as in the networking industry. Furthermore, in an age where intellectual property is often far more valuable than physical property, ethical concerns regarding property must be analyzed, and addressed in a proper manner. Finally, as a network

    Read More

More about Information Security Governance Description

Open Document