Regulations and Policies of Inforamtion Security
Autor: vinaynairkodanam • November 1, 2015 • Research Paper • 3,959 Words (16 Pages) • 907 Views
A STUDY ON
REGULATIONS AND POLICIES OF INFORAMTION SECURITY
PROJECT PAPER SUBMITTED BY
KODANAM VINAY KUMAR NAIR
FUNDAMENTALS OF SECURITY TECHNOLOGIES
INSTRUCTOR: DR. GERALD JOHNSON
NOVA SOUTHEASTERN UNIVERSITY
ABSTRACT: The most important factor in information security is to know about its regulations and policies and it can also be considered as the weakest part in information security. Certain requirements are implemented for security control for the needs of an organization. These security policies are made to ensure the selection of sufficient information and also protects assets and controls the confidentiality of the information. Failure to secure the policy of information may result significant financial risk and may lose the important data. This research includes about polices and standards in information security and benefit of regulations and policies. Some of the regulations are information confidentiality, information content are established for the minimum standard of information security and for internal controls. These regulations and policy are good starting point for determine what the information security policy consist of, but should not depend totally for guidance. It is far more important that information security policy and regulations must fit in an organization’s culture and should be updated frequently. To some, a policy is the directive of senior management on how a certain program is to be applied and certain roles and responsibilities whom to assign and goals and objectives. Policy perform two roles internal and external, internal portion tells employees what is expected of them and how their actions to be judged. External portions tells the world how it is running, that there are policies and regulations which supports the business and practices. Internet access and firewall configuration are in compliance with security policy, regulations and procedures that have been enforced to use it. Policies tell users what they can do and what cannot do while using corporate computing resources. Many organization create a group or individual person to create all this regulations and policies. This paper is about the regulations and policies and how it is implemented and used in company or organization. There are also types of policies which is discussed in this paper. Most organization have standard set of policies and regulations for saving sensitive information
INTRODUCTION: Organization depends more upon information systems and requires them to manage the risk associated with those systems. Today, information security is considered as more challenge for many organization since these risk may have dire consequences, including corporate liability, loss of credibility, and monetary damage. Ensuring information security has become one of the top priorities in many organizations. To ensure the safety and reducing the risk these organizations rely on technology-based solutions. Success in information security can be achieved when an organization invest both in technical and socio organizational resources. Organization create Internet Service Provider (ISP) to provide employees guidelines concerning how to ensure information security while they utilize information systems. Creating guidelines of security and policy regulations is an essential starting point to ensure safety of data in information security. Researchers state that development of information security policy and regulation is the first step to prepare on organization against attack from external and internal sources.
...