{"id":26860,"date":"2022-08-02T20:21:07","date_gmt":"2022-08-02T20:21:07","guid":{"rendered":"https:\/\/nursingstudybay.com\/?p=26860"},"modified":"2022-08-02T20:21:09","modified_gmt":"2022-08-02T20:21:09","slug":"information-security-implementation-plan","status":"publish","type":"post","link":"https:\/\/www.essaybishops.com\/essays\/information-security-implementation-plan\/","title":{"rendered":"Information security implementation plan"},"content":{"rendered":"<p>Information security implementation plan<br \/>\nIn each weekly assignment we are working on a section of the final deliverable. So by the time we finish week 7 &#8211; the majority of the content for your final paper is complete. During the last week of the course, you will be combining all of the weekly assignments, verifying that you meet the minimum word count (if not, obviously add additional content), massaging the content so it flows well and polishing up the paper as a whole.<\/p>\n<p>The paper will be an information security implementation plan that addresses: physical security, authentication, network security, encryption, software development, email, Internet, acceptable use, disaster recovery, business continuity, security awareness, and viruses\/worms.<\/p>\n<p>The key to this assignment is to demonstrate\/apply your understanding of the topics you have learned throughout your core coursework at APU.<br \/>\nInformation security implementation plan<br \/>\nI. Introduction (Purpose)<br \/>\nThe increase in security and data breach incidents calls for businesses to adopt a solid information security program, in the form of an information security implementation plan, to ensure safety and security in the business during the digital age. The absence of an information security program means that the data and operations of the business and its customers will be at risk. 
Implementing an information security plan combines different strategies and elements: guidelines, standards, procedures, policies, and a security culture in organizational activities. Together, these elements form a security program that outlines the organization&#8217;s plans for ensuring that security management is effectively implemented (Flowerday and Tuyikeze, 2016) and that supports the principles of confidentiality, integrity, and availability of data. Consequently, the implementation of information security will cover a range of areas: physical security, authentication, encryption, network security, internet, email, disaster recovery, acceptable use, security awareness, business continuity, and viruses\/worms. Implementing the information security plan takes a comprehensive approach to security in a business to ensure that data and operations are held within a safe and secure environment.<br \/>\nII.  Scope<br \/>\nThe scope of the implementation needs to be considered so that security aspects are taken into account in the organization&#8217;s safety and security operations. ISO\/IEC 27001 is founded on the real-world and technical requirements of information security. In implementing the information security plan, the organization considers the security measures and requirements presented in the standard that directly affect it. Standards detail the processes that make up the organization&#8217;s management system and the security measures that the organization needs to implement in the interest of information security (Layton, 2016). 
In this regard, the implementation plan ensures that organizational assets are evaluated and effectively analyzed and that the information security management system in every department is informed by the organization&#8217;s security needs. Moreover, the organization&#8217;s staff need to be trained to build the competencies required for their different roles. This approach ensures that information security is effectively implemented at different levels. Additionally, the scope needs to cover system maintenance and monitoring to ensure that the system fulfils its duties and responsibilities in enhancing safety and security.<br \/>\nIII.  Definition of terms<br \/>\nInformation security management<br \/>\nPersonal data protection entails adopting reasonable security safeguards against modification, disclosure, use, destruction, unauthorized access, and loss of personal information.<br \/>\nRisk analysis- examines and evaluates how project outcomes and objectives change due to the impact of risk events in the organization. The qualitative and quantitative impact of the risk is evaluated.<br \/>\nRisk assessment- identifies risks, hazards, and factors that can cause harm to a business or an organization.<br \/>\nRisk response- entails developing strategic options and determining actions to reduce threats to, and enhance opportunities for, the project&#8217;s objectives.<br \/>\nRisk monitoring- is the ongoing process of risk management that identifies risks, designs controls, and tracks risk management execution.<br \/>\nIV.  Roles and responsibilities<br \/>\nChief Information Officer (CIO)<br \/>\nThe CIO has a critical role in implementing an information security plan, making key decisions on the management, implementation, and usability of information and computer technologies. 
The CIO ensures that relevant technologies are adopted to reshape and strengthen organizational security.<br \/>\nDirector of Information Security<br \/>\nThe director plays a critical role in information security implementation and is responsible for designing, implementing, allocating, and managing technical security measures to safeguard organizational assets or sensitive and confidential data.<br \/>\nIT security and policies team<br \/>\nThe IT and security teams will be tasked with implementing different operations and functions within the information security implementation plans. The teams are involved in technical operations, implementation of the security solutions, and troubleshooting. Therefore, the teams&#8217; technical skills and knowledge are required to manage the project and its lifecycle.<br \/>\nData protection officer<br \/>\nThe data protection officer adopts all the necessary measures and processes to protect personal data belonging to customers, staff, providers, and other parties as per the applicable data protection rules.<br \/>\nData users<br \/>\nThe data users need to follow the safety and security protections contained in the procedures, policies, and processes to ensure the safety, availability, and integrity of data.<br \/>\nDepartments<br \/>\nThrough their heads, the different departments need to adapt the information security strategies to enhance and improve data security and safety. The different departments need to align their security operations to achieve a comprehensive security strategy.<br \/>\nThird-party vendors<br \/>\nThe third-party vendors need to ensure that they align their security plans and programs with those of the organization they serve so that they do not compromise other organizations&#8217; security and safety. 
Failure to align security procedures and implementation introduces gaps and vulnerabilities in the system, leading to compromise of security and safety.<\/p>\n<p>V.  Statement of policies, standards, and procedures<br \/>\nSystem policies<br \/>\nSystem policies need to be adopted to determine the accessibility of computer resources to different parties (Laksono and Supriyadi, 2015). Settings are applied to the computer resources to determine their availability to individual users and groups of users.<br \/>\nIT standards, procedures and best practices<br \/>\nIT standards, best practices, and procedures guide product selection and the practices followed during deployment of the information security implementation (Huang and Farn, 2016). The implementation of information security needs to be effectively aligned with standards, procedures, and best practices to ensure that effective security measures are adopted, thus eliminating security barriers, gaps, and vulnerabilities.<br \/>\nVI. Compliance<br \/>\nThe implementation of the information security program and plans needs to comply with the requirements of third parties (authorities or government agencies) to ensure that digital security is achieved (Nieles, Dempsey, and Pillitteri, 2017). Compliance with third-party requirements creates an enabling environment for business operations in the technological field. Regulatory, legal, and IT compliance is directed towards streamlining operations in the IT field so that organizational safety and security standards are met effectively and efficiently. Compliance ensures that security, safety, and privacy are not compromised; thus, it is a vital component in implementing security programs and plans.<\/p>\n<p>VII.  
Data protection requirements<br \/>\nThe implementation of information security plans needs to adopt the relevant data protection requirements to ensure that personal and sensitive data is processed lawfully and fairly, kept accurate, and updated effectively. Moreover, the data protection requirements ensure that relevant measures are adopted to prevent accidental loss or destruction of personal data (El-Haddadeh, Tsohou, and Karyda, 2012). In this regard, data protection measures need to be fairly and lawfully implemented; the purpose of the data must be upheld in the organization; stored data needs to be adequate, accurate, and up to date; data needs to be stored for the required period; the rights of the people the data concerns need to be considered; and data needs to be kept safe and secure in the interest of all the parties involved.<br \/>\nVIII. Security training and awareness<br \/>\nThe growing cybersecurity and risk issues need to be incorporated into the information security implementation through training and awareness for all the parties involved. IT security issues are dynamic; thus, there is a need for regular and consistent training and awareness of different information security aspects (Dombora, 2016). The training covers information security compliance, phishing awareness, password best practices, data security, ransomware, office hygiene regarding access to physical information, and the General Data Protection Regulation (GDPR) principles. Training and awareness ensure that the parties who handle the assets have the relevant skills and knowledge to take secure and protective precautionary measures.<\/p>\n<p>IX. Evaluation and revision of the security plan<br \/>\nThe implementation of information security needs to take into account that the IT field is highly dynamic; thus, the plan must be consistently updated to accommodate changes in the environment. 
The evaluation and revision of the information security program ensure that advanced technology and innovations can be adopted in the plan, thus ensuring that the availability, integrity, and confidentiality of data are assured.<\/p>\n<p>References<br \/>\nDombora, S. (2016). Characteristics of Information Security Implementation Methods. Management, Enterprise and Benchmarking in the 21st Century, 57-72.<br \/>\nEl-Haddadeh, R., Tsohou, A., &amp; Karyda, M. (2012). Implementation challenges for information security awareness initiatives in e-government.<br \/>\nFlowerday, S. V., &amp; Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers &amp; Security, 61, 169-183.<br \/>\nHuang, C. C., &amp; Farn, K. J. (2016). A Study on E-Taiwan Promotion Information Security Governance Programs with E-government Implementation of Information Security Management Standardization. IJ Network Security, 18(3), 565-578.<br \/>\nLaksono, H., &amp; Supriyadi, Y. (2015, November). Design and implementation information security governance using Analytic Network Process and cobit 5 for Information Security a case study of unit XYZ. In 2015 International Conference on Information Technology Systems and Innovation (ICITSI) (pp. 1-6). IEEE.<br \/>\nLayton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.<br \/>\nNieles, M., Dempsey, K., &amp; Pillitteri, V. (2017). An introduction to information security (No. NIST Special Publication (SP) 800-12 Rev. 1 (Draft)). National Institute of Standards and Technology.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information security implementation plan Each weekly assignment we are working on a section of the final deliverable. 
So by the time we finish week 7 &#8211; the majority of the\u2026<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[563],"tags":[],"class_list":["post-26860","post","type-post","status-publish","format-standard","hentry","category-study-bay-paper-writing-service"],"_links":{"self":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/26860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/comments?post=26860"}],"version-history":[{"count":1,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/26860\/revisions"}],"predecessor-version":[{"id":26861,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/26860\/revisions\/26861"}],"wp:attachment":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/media?parent=26860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/categories?post=26860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/tags?post=26860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}