Pages: 3 pages/≈825 words
Sources: 3
Style: APA
Subject: Technology
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic:

What information standard(s) should your company follow and why

Essay Instructions:
The original security evaluation standards were developed by the U.S. Department of Defense (DoD) in the early 1980s in the form of the Trusted Computer System Evaluation Criteria (TCSEC), commonly referred to as the Orange Book. Given the importance and usefulness of TCSEC, other countries such as Canada, the U.K., Germany and France developed their own. Later, in 1990, the European Commission harmonized the security evaluation efforts of individual countries by establishing the European equivalent of TCSEC, the Information Technology Security Evaluation Criteria (ITSEC). More recently, in 2007, in an effort to create a repository for network and information security standardization efforts in Europe for security vendors, service providers, developers, and researchers, a portal sponsored by the International Communications Union (ITU) was established. This portal is being updated and provides good information on standards. In this case assignment, you are required to go over the "required" readings available in the background material about security standards. You are also encouraged to browse the optional material for other relevant material. When you have read the required articles and conducted additional research on the optional readings and other readings you find interesting, please compose a short (3-4 pages, not counting the cover and references) paper on the topic: "What information standard(s) should your company follow and why?" Some of the security standards available are ISO27002, ISO17799, the Rainbow Series, TCSEC, ITSEC, Common Criteria, IETF, GMITS, GASSP, OECD, and the 800-series. Below are some questions for you to think about to help you get started:
- Select an organization that you want to focus on in this assignment (it could be your own or any company that you know about).
- Provide a comprehensive definition of security standards. Make sure you refer to ISO17799 (ISO17799 has been replaced by ISO27001 and 27002, but you may refer to ISO17799 since that is the one with more material available online).
- What are the most important categories or standards that you would recommend your company to follow, and why? In your justification, describe the type of company you are referring to.
Remember, you do not have to explicitly answer these questions in your assignment. You should think about these questions and then integrate your thoughts into a well-organized answer to the primary question. Case assignment expectations: your assignment will be graded following these expectations:
- Precision: the main questions asked are answered.
- Clarity: your answers are clear and show your good understanding of the topic.
- Breadth and depth: the scope covered in your paper is directly related to the questions of the assignment and the learning objectives of the module.
- Critical thinking: it is important to read the "required readings" posted in the background material plus others you find relevant. Your paper should include important concepts from these readings and incorporate YOUR reactions and examples that illustrate your reflective judgment and good understanding of the concepts.
- Your paper is well written and the references are properly cited and listed.
- Your paper meets the page requirements, not counting the cover page or the references pages.
Essay Sample Content Preview:
What information standard(s) should your company follow and why
University Name, Student's name, Course name, Course number, Professor's name, Date

Organizations adopt security standards to ensure a safe working environment. These standards are prescriptions for how to implement the various security policies of a given organization or company. A company security policy may simply state that staff must be proactive in ensuring security on the company premises, while one of the standards may prescribe that staff maintain security by always wearing their identity badges while on the premises. Information security aims at preserving the company's information so that the particular business can meet its targets or objectives (Petlier, 2002). Before its replacement by ISO27002, ISO17799 was the internationally accepted best-practice set of security controls for information. It has two components, namely ISO 17799, which is a code of practice, and BS7799-2, which is a more specific management system for information security (Calder, 2009). The standard is a collection of controls catering to a variety of information security needs in for-profit and not-for-profit organizations. Businesses around the world have adopted e-business into their operations, hence the need for security certification to address customers' concerns about the risks surrounding e-business. This implies that certified businesses gain more business because customers trust them more than those without certification. For companies to have an edge over their competitors, they must strive to obtain full certification, ensure that their security policies cover all the key ISO17799 areas, and ensure compliance (Kim & Solomon, 2008).
ISO17799:2005 contains one hundred and thirty-four controls, grouped into eleven areas, namely "security policy, organization information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance" (Tipton, 2007, p. 422). The more recent information security management system specification is ISO 27001, which is a more buyer-neutral and technology-independent management system. It caters for both small and large organizations in all sectors. ISO 27002 is the code of practice for the management of information systems (Calder, 2009). This paper considers the ISO 17799 security standard for a financial services company, Barclays. For a business in the financial sector to thrive, customers and shareholders must have a guarantee of the security of the banking channels involved, such as the internet, tellers, ATMs and the telephony used by the bank (Kim & Solomon, 2008). Barclays has to focus its security efforts on preventing data loss. While the institution maintains network security, it should also dedicate substantial attention to data at rest and data in motion. This is an important information security strategy that ensures the security professionals in the bank are aware of what information the ba...