Introduction
Data is one of the essential resources of an organization, like other critical business resources, and so it should be adequately secured. This is particularly important in today's expanding business environment. Because of this expanding interconnectivity, data is now exposed to an increasing number and a wider range of threats and vulnerabilities. Data can take many forms: written on paper, printed documents, stored electronically, transmitted by traditional mail or electronic mail, or conveyed in conversation. Whatever the form in which data is held, it should be properly secured. Information security is the protection of information from a wide variety of threats
The controls should be standardized, implemented, assessed, and improved where needed, to ensure that the organization's specific security goals are achieved. Information security therefore acts as an enabler and prevents risks from materializing. The connection between private and public networks, as well as the sharing of data resources, is rapidly increasing and difficult to control. Many information systems were simply not designed to be secure, and their security is limited. Accordingly, those systems must be supported by suitable management and techniques.
Deciding which controls ought to be put in place requires careful planning and attention to every detail. The purpose of this paper is to identify the information security standard that an organization should use; give a thorough definition of security standards; ensure that the security standards are supported by ISO17799; and define and evaluate the essential categories of standards that an organization should follow, as well as describe that company.
The
ISO17799 identifies the important factors that an organization must address if its information security implementation is to be successful (Ma & Pearson, 2005). These include policies that state the organization's objectives, an approach consistent with the organizational culture, commitment from management, a good understanding of requirements, effective communication of the policy, appropriate education and training, and evaluation to ensure continual improvement (Miller, 2006).
Categories of Standards
By establishing policies, guidelines and strategies that employees must comply with, the organization achieves effectiveness as well as its goals and objectives. Below are the main points recommended to an organization:
• The employees under RTO Trading in which the data resources are accountable for logging and
The security controls, policies, procedures, and guidelines were tested using the security testing plan that was evaluated by a security team to correct and report flaws in the system design. The only major flaw doesn’t relate to the network or the physical system itself, but instead policies and procedures seem to be at the highest risk. Policies and procedures explain that the chain of custody during media transportation and disposal should be logged and tracked impeccably. I believe putting stronger controls in place for the transportation of media would lower the risk of exposed confidentiality tremendously. I believe each device used to transport should be trackable at any given time, rather than just by logs.
Information security is considered the process of protecting information against unauthorized access, disclosure, disruption, modification, use, or destruction. In other words, information security includes defending information whatever form that data may take. Although each organization employs information security to protect its confidential data, security breaches or identity theft may still take place; a security breach means illegal access to defined categories of personal information. In other words, it means illegal access to personal information in order to use, destroy or amend it (Cate, 2008, p.4).
Having security basically means that the data is safe from unauthorised or unexpected access, modification or deletion of files. Because the vast majority of files in the modern world are stored on some form of electronic device, it is the job of the company, in this case Tesda, to ensure that access is limited to certain individuals and that those individuals pose no threat to the company. Although there are many ways of accessing this information illegally, Tesda should concentrate on protecting against the most common threats, such as viruses and system failure. Ensuring that there is a backup server is essential, as this information is what keeps the business running and losing it would have a massive impact. Within Tesda, it will be the role of management to assess who should and shouldn't be granted access to particular pieces of information, and whether they will have it read-only or be able to edit the document.
Many people in the company need access to data to help them do their job better. The main questions revolve around who needs what data, and who decides what data gets shared. Looking at all the pieces, as well as the IT and information assets, the governance of the data belongs to a data owner (Khatri & Brown, 2010). The main questions to be answered must include: who is the data owner? Who is responsible for data quality?
• Assurance that all transmissions are protected while being transmitted over electronic communications
Worth noting is that IT governance and its mechanisms, such as IT organizational structure, governance committees, and approval and budgeting processes (Weill, 2004), can be found in every enterprise; the only difference is that enterprises with effective, proactive governance also have active IT governance mechanisms in place, which enable the appropriate behavioural patterns to be fitted to the organization's goals, strategy, values, norms, mission, and culture. Therefore, from the above description of IT governance, one can now easily pinpoint the key issues related to effective IT governance mechanisms, highlighted in Galliers & Leidner, chapter 12 (2009, p. 303-4), by Weill (2004), as explained below:
1. What is the difference between a threat agent and a threat? A threat is a constant danger to an asset, whereas a threat agent is what facilitates an attack.
2. What is the difference between vulnerability and exposure? Exposure is a condition of being exposed and it exists when a vulnerability is known to an attacker, while vulnerability is a weakness or fault in a system or protection mechanism that opens it to attack or damage.
1. Know your position and what responsibilities come with it. Know what is expected from you not only as a manager but as an employee as well. This will allow you to perform, behave and react in an appropriate manner. 2.