Wednesday, May 6, 2020
An Information Security Program Mission - 1462 Words
An Information security programs mission should be developed in a way that ââ¬Å"aligns with organizational strategies by evaluating business requirements, applicable laws, regulations, standards, and best practicesâ⬠(Module 2). More importantly businesses, governments, and other types of organizations need to incorporate cyber security to conduct business transactions, share information, and interact with customers and suppliers. Threats to the confidentiality, integrity and availability of cyberspace capabilities (e.g., hardware, software, and networks) are threats against the ââ¬Å"economic activities and social interactions that depend upon cyberspaceâ⬠(Module 2).These threats drive the need for cyber security, thus an information securityâ⬠¦show more contentâ⬠¦Furthermore, this paper will provide a general explanation of the business need for information security programs/policies to protect against the loss of profit, damage to the companyââ¬â¢s reputat ion, and cost of litigation. The discussion will provide key concepts in regards to threats and vulnerabilities along with recommended technology solutions that will help manage or mitigate possible impacts and results you implement into your small business. Terms Definitions Confidentiality ââ¬Å"Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.â⬠(44 U.S.C., Sec. 3542) Integrity ââ¬Å"Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.â⬠(44 U.S.C., Sec. 3542) Availability Ensuring timely and reliable access to and use of informationâ⬠. (44 U.S.C., Sec. 3542) Non-Repudiation ââ¬Å"Assurance that the sender of information is provided with proof of delivery and the recipient with proof of the senderââ¬â¢s identity, so neither can later deny having processed the information.â⬠(CNSS Inst. 4009) Authentication ââ¬Å"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.â⬠(NIST SP 800-37) Authorization ââ¬Å"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.