Information Technology Security Policy Framework
The ever-increasing dependence on information systems as the major means of carrying out company activities has resulted in the need to keep such systems and the related data safe. Nevertheless, several business organizations are still not in a position to address security breaches through a current and all-inclusive information security policy (Bhardwaj et al., 2016). Therefore, the overarching aim of this research is to give an outline of security policy in light of Information Technology, as discussed below:
· To come up with a framework that can be utilized in establishing critical strategies and application policies.
· To interpret the risks associated with the security of E-Business.
· To provide a basic understanding of the results of a security policy on a business organization.
1. What is Information Technology Security Policy Framework and what is it designed to accomplish?
2. Should the Framework be applied to and by the entire organization or just to the IT department?
3. What are the main goals of information security?
Information Security Policy
According to Zeng et al. (2020), availability, authenticity, integrity, utility, confidentiality, and possession remain the fundamentals of security. Achieving these fundamentals is not easy in a potential computing environment. The most appropriate strategy for protecting computing activities is not straightforward, since the technology that is currently the most secure automatically fails in the future.
A Policy Framework for Interpreting Risk in E-Business Security
According to Garbowski et al. (2019), the life cycle of PFIRES is made up of four major phases: Assess, Plan, Deliver, and Operate. Each phase has clearly defined exit criteria that must be met before the changeover to the next phase.
Phase 1: Assess
The overarching aim of this phase is to assess the suggested change in consideration of the current policy as well as the organizational environment. Its main results comprise a detailed assessment of the organization, the risks, decisions, and communication plan.
The policy assessment is carried out to evaluate the current policies, quality, guidelines, and approach.
This is aimed at identifying the company’s assets that should be protected and the possible challenges to the assets. It is further divided into:
Conduct Security Assessment: This aims at identifying the factors that may threaten the security of the information assets.
Assess Business Risk: This identifies the most secure assets.
Develop Security Recommendations: This identifies the best strategy for security.
Summarize Assessment Final Recommendations: The findings are finally analyzed to allow the management to make a final decision concerning the suggested change.
Phase 2: Plan
This phase facilitates the implementation of the suggested change. It is further divided into:
This involves coming up with or improving security plans and coming up with a security policy.
This includes a translation of the recommendations to the requirements as well as verification of the requirements.
Phase 3: Delivery
This refers to when the security policy is being implemented. It comprises two steps:
This includes the designation of infrastructure, determination of controls, evaluation of solutions, controlling the implementation, creating the implementation plan, building, testing, piloting, and deployment.
Phase 4: Operate Phase
This aims to oversee the controls established to protect the company. Moreover, the business and its technology trends are evaluated.
This step aims to administer the operations, communicate, conduct investigations, provide security services, ensure compliance, review trends, manage events, identify internal trends, and escalate to the assessment phase.
In consideration of management’s leading tools, communication between senior and security management is facilitated by PFIRES. The business organization is expected to discern the instant benefit of better communication. This area requires many improvements, since these will benefit areas such as organizational behavior and supply chain. Better models and tools are required for the analysis and management of security gadgets. A study should also be carried out concerning how well the policy management requirements are met and the necessary improvements that should be established for future success.
References
Bhardwaj, A., Subrahmanyam, G. V., Avasthi, V., & Sastry, H. (2016). Design a resilient network infrastructure security policy framework. Indian Journal of Science and Technology, 9(19), 1-8.
Garbowski, M., Drobyazko, S., Matveeva, V., Kyiashko, O., & Dmytrovska, V. (2019). Financial accounting of E-business enterprises. Academy of Accounting and Financial Studies Journal, 23, 1-5.
Zeng, Z., Li, Y., Cao, Y., Zhao, Y., Zhong, J., Sidorov, D., & Zeng, X. (2020). Blockchain Technology for Information Security of the Energy Internet: Fundamentals, Features, Strategy and Application. Energies, 13(4), 881.