Security Policies, Standards and Guidelines
Module 1 - Background
Information Security Management Frameworks
Required Reading
PowerPoint Presentation on Information Security Management Framework.
NIST (2011). Managing Information Security Risk—Organization, Mission and Information System View. National Institute of Standards and Technology Special Publication 800–39.
NIST (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800–137. Retrieved from http://csrc(dot)nist(dot)gov/publications/nistpubs/800-137/SP800-137-Final.pdf
Ma, Q., Schmidt, M. B., & Pearson, J. M. (2009). An integrated framework for information security management. Review of Business, 30(1), 58–69. (TUI Online Library: ProQuest)
Johnson, E., & Goetz, E. (2007). Embedding Information Security into the Organization. IEEE Security & Privacy, May/June 2007.
Business Software Alliance. https://www(dot)cccure(dot)org/Documents/Governance/governance.pdf
Comparison of OSI to TCP/IP
http://www(dot)youtube(dot)com/watch?v=SII38b0RJr8
http://www(dot)youtube(dot)com/watch?v=RbY8Hb6abbg
http://www(dot)nbcnews(dot)com/id/18095186/#.US6xslfuqLU
Security Policies, Standards and Guidelines
To protect information, businesses have to put rules and controls in place. These protect not only the data itself but also the systems on which it is stored and processed. Such strategies are put into effect through security policies, standards, and guidelines. This paper discusses the differences between security policies, standards, and guidelines and considers which of the three is the most important (Johnson & Goetz, 2007).
Policies
An information security policy consists of high-level statements focused on protecting the organization's data, and it must be issued by senior management. Policies therefore express universal requirements that have to be written down and communicated to specific groups within the organization, and sometimes to parties outside it. A policy is, in effect, a business rule that people are required to observe. It summarizes security roles and duties, defines the scope of the information that needs protecting, and gives a high-level description of what must be implemented in order to secure that information. The policy also references all of the standards and procedures that support it (Peltier, 2001). A business may have a single comprehensive policy or several policies aimed at different areas, such as a computer use policy or an email policy. Although policies vary from one organization to another, a typical policy includes a statement of purpose, a description of the individuals it affects, a record of past revisions, definitions of terms, and, above all, specific instructions set by senior management (Peltier, 2004).
Policies are generally compulsory and can be thought of as business-specific law. Special authorization has to be obtained if a staff member wishes to take an action that goes against a policy. Because compliance is expected, a policy can use definitive terms such as "must not" and "you must," conveying both that the requirement is non-negotiable and that it has the unquestioned backing of management (Joint Task Force Transformation Initiative, 2011).
Standards
Standards are specific, low-level, compulsory controls that help enforce the security policy. While policies give general direction, standards set out precise technical requirements. In practice, standards address details such as implementation steps, system design considerations, and software interface conditions. For instance, a standard can specify the minimum length of the secret key to be used with an encryption algorithm, whereas a policy would merely state the requirement to use an approved encryption procedure whenever sensitive data is sent over public networks such as the Internet (Peltier, 2001). While policies are meant to last for five years or more, standards are intended to remain in force for only a few years. Standards also need to be revised noticeably more often than policies, since the manual processes, organizational structures, business procedur...