INFORMATION SECURITY MANAGEMENT
Information security management plays a vital role in the success of organizations as it provides better productivity and increased efficiency within organizations. Due to the increased rate of hacks in the past year, new regulations are forcing organizations to keep ethical policies up-to-date and be aware of hackers trying to gain access into systems with the intent to damage systems.
Securing customer information and resources from unauthorised access should be an organizations first priority according to data protection principles, new laws ensure that organizations keep in mind the importance of information security. Managing information security must be done in a systematic and proper manner as the process is complex. An effective way to manage information security is by complying with the standards of ISO 27001 and its frameworks (procedures and policies) which provides a checklist to organizations which are implemented to achieve their objectives and are followed in risk management processes. According to ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” – ISO definition.
Having an effective management system provide many benefits to an organization such as:
- Financial performance is improved, and the use of resources are made more efficient
- Protection to people, environment and risk management is improved
- Improved products and services allowing increased value to stakeholders and customers allowing value
In today’s society information is becoming extremely important to us along with knowledge which need to be highly protected from unauthorised users such as:
All these can cause damage to organizations in multiple ways e.g. through the internet or employees making unknown mistakes. Information security helps organizations by allowing customers to gain more trust in them thus leading to improved efficiency.
As C.I.A we have been tasks with implementing and managing the information security management system, firstly we must gather, analyse and evaluate as much information as we can about the organization, this can be done by auditing, check, monitor and review making sure the ISMS worked as planned. It is very important proper planning is done as organizations could face problems when implementing the ISMS standard such as:
- Issues with communication: insufficient communication within the organization during the certification process
- Issues financially: if the work is not done on time the stakeholders may have to pay for more consultants, more training for employees and higher investment in software’s
- Human resource issues: insufficient knowledge when implementing ISMS is not available
An Information Security Management System (ISMS) is a set of policies related to information management. Understanding the technical features and processes is very important by using frameworks that support ISO 27001 projects and ISMS. The framework will help the organization plan assessment issues and controls, this framework is called Integrated Solution Modelling (ISM). This software tool will be used which manages the RISC levels in the organization against the ISO 27001. This software analyses real time events, reports, collects and stores for regulatory compliance (basically means organization policy).
Once all the information is collected the team will pull everything together to assess the organisations processes and objectives to produce a risk assessment, this assessment will include a heads up by allowing them to spot unusual actions on time e.g. why is this happening, what will occur and how it will impact the organization. As we have been entrusted as the C.I.A and security consultants for the organization we only have responsibilities of giving recommendation to protect the organization and reporting information, the head of the organization will make use of all the information the consultants have provided make the decision.
As the CIA we must ensure best practices which include:
- Making the organizations security our first priority and providing the best service possible
- Ensuring the integrity is held to a high standard and the code of conduct is respected at all times, also being truthful and making the right decisions without any bias decisions.
- Making sure our work is done to the best of our abilities (Excellence) and learning from mistakes we have previously made. We must strive to provide the organization with the best leadership, tools and experience needed for success.
- Our mission is to stand by one another as a team and help with difficult tasks both physically and internally to ensure the best outcomes of the organization.
- We must ensure that our protection (stewardship) strategies and methods are kept secret within the organization until we are demised.
As we have signed the organizations current security and agreement policy we must fully oblige with the terms and condition which means the secrets of the organisation must be held classified for as long as the head of the organization deems it to be. Our mission is to help the organization and avoid damage to systems. We must also ensure information is held locked within the organization as accidental disclosure opens doors for hackers to gain direct access onto the systems.
Information that should be classified are:
- Information of employees e.g. username and passwords
- Intelligent sources and cryptology e.g. ensuring private data is hidden from third parties
- Private details of customers within the organization must be confidential e.g. transaction details such as bank cards should be kept hidden
- Programs being used by the organization for data protection
- System capabilities, plans, projects, installations, physical security should be kept within the organization
The main aim of ensuring confidentiality is by keeping information hidden from unauthorised access. Only the right people with the right privileges should be able to view the information. The techniques and practices that are used to ensure confidentiality of information is cryptography which uses processes like encryption and decryption. One way confidential information can be breeched is by employees within the organization allowing someone to take a look at their screen which means the employee has breached confidentiality. Any employee within the organization can be subject to criminal penalties if they chose to disclose confidential information.
In order for the organization to become successful and challenge, we must ensure that the strength of the workforce is at its very best
An effective way of protecting confidentiality of information:
- By using encryption when transmitting data across networks, this prevents the public or third parties from accessing the data. This method is done by encoding the data with binary numbers and setting passwords which only the sender and receiver know.
- Physical data and access controls such as granting access to information by using passwords and biometrics access with the proper badge.
- Encrypting files into unreadable format which can only be decoded with the correct key
- Encrypting external devices such as hard drives and USB drives
The post Uses of Information Security Management appeared first on mynursinghomeworks.