Mecael Getachew
Assignment 14
IT-570-OL
Scope
Cyber security is the most important goal in the United States today. To achieve it, government agencies and organizations must align education with the skill set and knowledge required in the workforce. Information security programs manage business and technical risk by documenting roles and responsibilities in an organization. These programs have grown over the last decade for business-related reasons such as cost control and regulatory requirements. An effective program helps maintain trust between business partners and customers while facilitating guidelines and decision-making in protecting information (Onsett). Such programs provide confidentiality, integrity, and availability for information (stored or in transit), along with several other security elements (Office of the CISO).
Policies must be complied with and enforced regularly, especially where privacy is concerned. The Gramm–Leach–Bliley Act mentions three basic privacy rules that should be met when dealing with customer information. All individuals and users accessing a network should be aware of the “open nature” of digital information and should assume that any event is possible when data is stored or transferred. Although no system can absolutely guarantee that unauthorized users won’t access information, it is still the responsibility of the enterprise to respect and protect it. The protection of information comprises the people, process, and technology involved. Access control stands at the vanguard and is critical to ensuring that the right users have access to the right level of information. Authentication controls must be applied to digital assets so that they are not shared with or accessed by unintended users (Cal Poly).
Metrics and processes determine how well the organization adheres to the associated policies, procedures, and guidelines and also help tremendously with staying compliant with other
Cited:
"Center for Community and Economic Development." Nonprofit Management Education Center. University of Wisconsin, 2006.
Garbars, Kurt. "Implementing an Effective IT Security Program." SANS Institute Reading Room Site. SANS Institute, 2002.
Information Policy. North Carolina Healthcare Information and Communications Alliance, Inc., 2013. Web.
"INFORMATION SECURITY MANAGEMENT." Onsett. Onsett International Corporation, Sept. 2001. Web. 22 Apr
"Information Security Program." Office of the CISO. University of Washington, 2013. Web. 20 Apr. 2013.
"Information Security Program." Cal Poly. California Polytechnic State University, 5 Oct. 2012. Web. 21 Apr