Business Model For Information Security Essay - 1681 Words

study used the Business Model for Information Security (BMIS). The model manages information security by addressing the complexity of security. It consists of four construct; Organization Design and Strategy, People, Process and Technology which interact with each other (ISACA 2009). According to (Horvà ¡th, 2010) the model emphasizes the importance of an organization culture as applied to information security. In the creation of this culture the following are instituted: alignment of information security with business objectives where security controls used must be practical and provide real and measurable risk reduction; risk based approach where the information security managers understand the institution and are able to select appropriate controls to mitigate potential threats and risks effectively; balance among organization, people, process and technology where there is organizational support, competent personnel, efficient processes and appropriate technology and finally con vergence of security strategies where all security functions are aligned with and support each other. The model has four constructs as explained below: 1. Organization Design and Strategy: An organization is a network of people, assets and processes interacting with each other in defined roles and working toward a common goal. ISACA(2009). Universities have objectives to be achieved as well as values and missions to be pursued. It is therefore paramount to come up with a strategy on how this willShow MoreRelatedSecurity Management Models for Information Systems Essay1075 Words   |  5 PagesBackground Security management within the context of information systems â€Å"needs a paradigm shift in order to successfully protect information assets† (Eloff Eloff, 2003). Due the rapid increase in information security threats, security management measures have been taken to proactively remedy the growing threat facing information security. As a result of this, security management â€Å"is becoming more complex everyday, many organization’s security systems are failing, with serious results† (Fumey-NassahRead MoreRecommendation to Mitigate the Lac of InfoSec Policy964 Words   |  4 Pagessuggest that we use the Gartner Information Security Governance Model to assess the security problem of Inventure Foods, Inc. The Gartner Information Security Governance Model is most suitable for Inventure Foods type of business. It protects the information resources appropriately and efficiently given the company’s limited resources and overstretched personnel. The most important reason why we choose the Gartner Model is that it provides the blueprint for a complete security program and tells managementRead MoreWeaknesses Of Choicepoint Information Security Management Practices1431 Words   |  6 Pages Question 1. What weaknesses in ChoicePoint Information Security Management practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas. In the ChoicePoint case study, By the end of 2004, ChoicePoint was running a business in the personal data industry with almost $920 million annual revenues. Beside Acxiom and Lexis-Nexis, ChoicePoint was either first or second in that industry. Although ChoicePoint s focusRead MoreThe Importance Of IT Security967 Words   |  4 PagesIT security IT security also know as computer security or cyber security or Infosec, is the process of protecting a computer system from the different types of theft or different types of damages to the hardware, software or data stored in that system as well as from the interference or alteration of the services provided by the system. CIA triad’s core objectives are considered for IT security programs: keeping the confidentiality, integrity and availability secure of IT system and company dataRead MoreWeaknesses Of Choicepoint Information Security Management Practices1522 Words   |  7 PagesQuestion 1. What weaknesses in ChoicePoint Information Security Management practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas. Answer: From the beginning, ChoicePoint took steps to protect its data from risks such as theft, computer hacking, and misuse. Its facilities were outfitted with numerous security cameras, and all visitors were required to be photographed. Employees had to use ID cards, personalRead MoreThe Cloud Of Cloud Computing1673 Words   |  7 Pagestopic of the cloud computing industry and security is broad with far reaching intricacies. Therefore, to narrow the subject, the definition of cloud computing as defined by the National Institute of Standards and Technology (NIST) (NIST Special Publication 800-145, 2011) will be used as the foundation for this study. The NIST adopted the (Mell Grance, 2010) cloud computing definition in 2011. (Mell Grance, (2010)) defined cloud computing as a model for enabling convenient, on-demand networkRead MoreWhat Are The Three Cloud Service Models?1378 Words   |  6 Pageso What are the three cloud service models? Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service are the three cloud service models (Grance Mell, 2011). Software as a Service (SaaS): A software vendor or a cloud service provider hosts applications over a network by which a user can get benefitted by them. The term network refers to the Internet. SaaS is a software distribution model (Grance Mell, 2011). Platform as a Service (PaaS): PaaS providesRead MoreOntology Of Information Security In Enterprises. Stephen1483 Words   |  6 PagesOntology of Information Security in Enterprises Stephen Schiavone1, Lalit Garg2 and Kelly Summers3 1University of Liverpool, Fountain Hills, Arizona, USA 2University of Liverpool, University of Malta, Malta 3Medicis Pharmaceutical Corp, Scottsdale, Arizona, USA steve.schiavone@my.ohecampus.com lalit.garg@my.ohecampus.com krsummers@sbcglobal.net Abstract: Today’s global free-market enterprise is reliant on the interconnectedness of social, economic and political ecosystems. Enterprises no longer maintainRead MoreThe Impact Of E Commerce On Retail Industry1697 Words   |  7 PagesE-Commerce on the ‘Retail Industry’ August 8 2016 The Findings and Analysis of customer information on an e-commerce platform. The Improved Marketing techniques of e-commerce. Security issues associated with conducting business over the internet and the methods used to combat these security vulnerabilities’ on e-commerce and the use of social media e-commerce the conventional method of conducting business today â€Æ' The Main Elements of E-Commerce and the impact of E-Commerce on ‘Retail Industry’Read MoreA Plan For Reactive And Proactive Security Planning1173 Words   |  5 Pages582 June 29, 2015 Security Planning After assessing the risk invovled with the organization infrastructure. The next step is security planning which involves developing controls and policies with techniques to help with security. The security strategies will define a plan for reactive and proactive security planning. The planning is developed to protect the company assets. Reactivly planning a contingency plan to implement just in case the orginal plan failed. The security plan will consists