Who needs an Information Security Program?, Discussion Questions help


Description

1. Who needs an Information Security Program?


Prepare a two page briefing paper (5 to 7 paragraphs) which provides background to senior leadership and corporate board for the case study "company." (Use the case study and provide specific information about "the company").

In your briefing paper, provide background about what the standard is (what it requires) and how the company can benefit from implementing a formally documented information security management system (program). You should also address the standard's requirements for policies to support the information security program.

Your briefing paper should fully answer the question "Why should our company adopt an ISO/IEC 27001 compliant Information Security Program?"

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.


2. Communicating Policies to Employees and Managers


Review the case study and the weekly readings. Use the case study and provide specific information about "the company" in your response.

Prepare a one page briefing statement (3 to 5 paragraphs) for the company's CISO which presents a strategy for communicating a new "social media" policy to field office employees and managers. This policy will restrict the freedoms that field offices have previously had with respect to establishing and managing their own "branded" social media accounts for marketing and communications about the services offered at each field office.

Consider whether or not your strategy should include:

  • Distribution of printed copies of the policies
  • Email distribution
  • Web links to an internal Website
  • Face-to-face briefing of field office staff and managers (with or without Question & Answer session)
  • Newsletter
  • Other (?)

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.



Choose one of the policy implementation documents from this week's readings (a) DHS Risk Management Fundamentals OR (b) DoD Cybersecurity Culture and Compliance Initiative.

Using your selected policy implementation document (DHS or DoD), prepare a two page briefing paper (5 to 7 paragraphs) for the senior leadership and corporate board of the case study "company." (Use the case study and provide specific information about "the company" as appropriate for your briefing).

In your briefing paper, you should address how this type of document can be used to support implementation of specific risk management strategies.

  • For the DHS document you should focus on the use of training and doctrine (establishing a specific business process) as a risk management strategy. Discuss the pros and cons of using a single risk management process across all corporate operations.
  • For the DoD document you should focus on the use of "culture shift" as a risk management strategy. Discuss the pros and cons of using "culture shift" and "individual responsibility / accountability" as a risk management strategy.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.


Explanation & Answer

Attached.

Running Head: WHO NEEDS AN INFORMATION SECURITY PROGRAM?

Who needs an information security program?
Author
Institution


To begin with, Information Security is a phrase that simply means the protection of information and information systems from access to unauthorized entities. In information security, unauthorized personnel are denied access, the ability to modify, use, create or destroy data entries in the information system.

With that said, it is evident that all companies, regardless of their sizes, need to have an information security program in place for the protection of their data and information assets. The security program facilitates for the protection of the company and associated assets, information classification hence easy management and retrieval, monitoring and managing risks by discovering threats and implementing mitigation practices, gives the framework for information security policies, standards, guidelines and procedures.

The central property that a security program is implemented to protect is the company’s data, and it goes without saying that the core functionality of the company or business lies in the data at hand. Most of the company’s activities revolve around use of data such as customer information, which will include customer confidential information, financial information which will include the company’s financial data and records as well as market analysis and assessments, product information which will include plans and product designs, source codes and patent applications.

According to the ISO Information security standards, the ISO 27000 bit addresses the data protection standards which call entities and companies to implement effective security measures in the protection of confidential personal information by the leveraging of new technology and facilities. The company needs to go for data processors who will guarantee transparency in their handling and security, working on the data in accordance to the instructions given by the company.

The company needs to bring onboard a reliable technical team which will minimize labor turnaround and pre-employment vetting.

There are numerous benefits that come with the proper implementation of an effective and formally documented ...

