Today, modern society depends heavily on information technology in almost every activity of human life. Organizations of all kinds face various risks, including those arising from information technology. To manage these risks, an organization can draw on various security governance standards and frameworks. The security-risk challenges an enterprise faces when adopting international standards can be properly controlled and avoided. The purpose of this research work is to explain these models and examine how each of them can benefit the organization. The limitations of each framework have been highlighted as well.
Information Security Governance
Introduction
The terms “computer security” and “information assurance” refer to protecting the informational assets of organizations. To integrate best practices for security, an organization should select the best set of guidelines and enforce the best available framework. This may lower the overall cost an organization spends on managing security risks. On the other hand, inefficient risk management standards may fail to reduce risk and add more complexity to the organization's efforts to reduce or avoid risks (Jansen, W. & Grance, T., 2011).
Information Security Governance and Guidelines
Corporate governance is important because of the increasing number of business scandals. Corporate governance is a predefined set of controls and policies to manage and direct organizations. Information Security Governance (ISG), a subset of corporate governance, concerns the overall security of the systems. Information security is all too often perceived as a wholly technical issue.
For business organizations, non-profit organizations and educational institutions alike, information security is treated as a technical issue. To avoid this, executives need to make the security of information assets an integral part of the core operations of the business. To accomplish these objectives, the enterprise may highlight ISG within the controls and policies that comprise corporate governance.
Governance implies oversight and control by the enterprise over the overall standards, policies and procedures for acquiring information technology, as well as for the development, design, testing and monitoring of deployed applications. In order to grow, an organization provides its employees or customers deeper access to its systems for information or services; this may be real-time access to information or applications intended to increase productivity.
Thus, a lack of control by the organization over employees or customers accessing its applications or information may result in serious problems. That is why information security is given so much importance in all organizations these days. Enforcing the best governance and technology considerations for information security governance is therefore essential, and practitioners must understand their requirements and the relevant controls in order to choose from the set of standards and guidelines for information security.
The Information Security Management System (ISMS) for information security governance includes mechanisms for design, measurement, implementation, and system and process maintenance, to guarantee the availability, confidentiality and integrity of the organization's information assets while minimizing the risks to information ...