The Information Technology Security Strategy Research Paper


An information technology security strategy is essential in an enterprise that depends on three information practices: confidentiality, availability, and integrity. Confidentiality refers to the protection of confidential data by restricting access to those who have been trusted. Availability and integrity ensure that only genuine and trustworthy information is available.

The Framework of COBIT

The COBIT framework has seven different types of information requirements. COBIT demonstrates how IT supports an organization and how IT capital and value distribution are carefully tapped. IT threats are usually handled efficiently, with well-organized IT performance indicators used to monitor and follow their development. The first requirement is success, which confirms that the data is relevant to the industry’s requirements. Competence values the availability of knowledge through optimal and cost-effective pricing (Akinsanya & Sun 2019). Confidentiality entails keeping confidential information secure from prying eyes. Integrity is linked to the authenticity and accuracy of knowledge. Availability refers to the ease with which data can be accessed in perfect form and at the right time.

When processing information for the organization, compliance ensures that laws, guidelines, and directives are strictly followed. The COBIT arrangement includes contractual arrangements for handling data and information (Akinsanya & Sun 2019). The last one, information dependability, is also discussed in the COBIT framework in terms of stipulating a certain level of accurate supervisory decisions.

ABC IT Security Policy

  • Policy Title: “Information Technology Protection Policy” for the company
  • Responsible workplace: Information Technology
  • Endorsed by: Information Protection Policy Board
  • Contact: ABC
  • Effective Date: 2021
  • Last Update: 2021

The policy statement for a medium-sized insurance company covers information that is confidential, classified, or precise, along with a variety of details restricted by contractual arrangement, all of which is at risk of unauthorized disclosure (Akinsanya & Sun 2019). Furthermore, since knowledge is critical to industrial processes, its unavailability or loss of integrity would be detrimental to a medium-sized insurance company.

Establishing Compliance of IT Security Controls with US Laws and Regulations

The organization would struggle to balance implementing the appropriate security controls and obtaining worker compliance. Technological clarification alone cannot provide satisfaction; additional supervision methods should be implemented. To support the establishment of protection controls, the US government offers the company many relevant requirements for developing controls that protect clients and customers in general. The organization should adhere to the government requirements to the greatest extent possible. For example, a “fitness insurance Portability and Accountability Act,” similar to the educational rights and privacy act, should be followed in a healthcare setting (Georgiadou & Askounis, 2020). The act establishes a framework for an association that adheres to the required standards. Modifying policies in collaboration with the organization’s manager supports the organization’s unique mission. The criteria would be implemented strategically to increase the number of satisfied employees. There are several methods for increasing fulfillment, two of which are based on avoidance theory. The theory supports both unconstructive and proactive enforcement punishment and their payment since they correlate to increased policies (Georgiadou & Askounis, 2020).

Business Challenges

Each of the seven major IT system domains has a corresponding market dispute. When interacting with an individual part of IT, the user domain faces many difficulties. Clients can inadvertently mismanage sensitive data. Since specific attacks could require negotiating a comprehensive, complete network, such as a warm network, the work domain should be kept secure (Georgiadou & Askounis, 2020). Since it can be contacted from outside the office, the LAN domain can become vulnerable to malware. A WAN domain usually faces problems related to cost dependability and bandwidth. Based on the financial plan and business conditions, the association must balance both pieces. The remote access domain shrinks as the LAN perimeter expands. Like the LAN domain, remote access requires additional usage policies and encryption (Georgiadou & Askounis, 2020).

The Security Policy Framework Implementation Issues

Since all seven major domains will reveal various issues and challenges to industries, they must be adequately identified and addressed. The issues in an insurance company’s client domain can be mitigated by employing solid physical and managerial security controls. To have the best security, all parties should work together directly (Leszczyna, 2018). Malware protection can be installed on all workstation processors to fix issues in the workstation environment. This way, if the device is targeted, it affects the fewest number of systems possible.

An insurance company’s LAN should also be protected appropriately, perhaps with a “Virtual Private Network.” The company can allow only top executives to contact the LAN remotely. To prevent the LAN from being misused for cyber-attacks, strict terms of use should be extended to this region (Leszczyna, 2018). Because of the risks associated with a LAN-to-WAN domain and the fact that many insurance firms primarily work outside of the Internet, the company would need to improve this domain with as much security as it can afford. To overcome the WAN domain’s issues, the company should assess the importance of speed and dependability and a financial plan for this connection. Issues with remote access can be efficiently resolved by completely prohibiting such access.

Finally, installing the proper security system for an organization must be done carefully and intentionally, as it cannot be too loose or too rigid. If a structure has been selected, the organization must adapt it to its specific information security situation.

References

Akinsanya, O. O., Papadaki, M., & Sun, L. (2019). . In CERC (pp. 211-222).

Georgiadou, A., Mouzakitis, S., Bounas, K., & Askounis, D. (2020). . Journal of Computer Information Systems, 1-11.

Leszczyna, R. (2018). . International Journal of Critical Infrastructure Protection, 22, 70-89.

Reference

IvyPanda. (2022, July 16). The Information Technology Security Strategy. https://ivypanda.com/essays/the-information-technology-security-strategy/
