The information technology security strategy is essential in an enterprise that depends on three information activities. Three excellent data practices are confidentiality, availability, and integrity: Confidentiality refers to the protection of confidential data by restricting access to it for those who have been trusted. Only genuine and trustworthy information is available due to accessibility and integrity.
The Framework of COBIT
The COBIT Framework has seven different types of information requirements. COBIT demonstrates how the IT support an organization, IT capital, and value distribution are all carefully tapped. IT threats usually are efficiently handled with well-organized IT performance indicators to monitor and follow their development. The first aspect is a success, which confirms only the relevant data to the industry’s requirements. Competence values the availability of knowledge by using optimal and cost-effective pricing, which denotes cost-effectively (Akinsanya & Sun 2019). Confidentiality entails keeping confidential information secure from prying eyes. Integrity being linked to authenticity and knowledge accuracy. Availability refers to the ease with which you can access data in perfect form and at the right time.
When processing information for the organization, compliance ensures that laws, guidelines, and directives are strictly followed. The COBIT arrangement includes contractual contracts in handling data and information (Akinsanya & Sun 2019). The last one, information dependability, has also been discussed in the COBIT framework regarding stipulating a certain level of accurate supervisory decisions.
ABC IT Security Policy
- Policy Title: For the company “Information Technology Protection Policy.”
- Responsible workplace: Information Technology,
- Endorsed by: Information protection Policy board
- Contact: ABC
- Effective Date: 2021
- Last Update: 2021
A policy statement for a medium-sized insurance company contains confidential, classified, precise, and a variety of details restricted by contractual arrangement and is subject to unauthorized disclosure (Akinsanya & Sun 2019). Furthermore, since knowledge is critical to industrial processes, its unavailability and integrity would be detrimental to a medium-sized insurance company.
Establishing Compliance of IT Security Controls with US Laws and Regulations
The organization would struggle to balance implementing the appropriate security controls and obtaining worker compliance. Technological clarification alone cannot provide satisfaction; should implement additional supervision methods. As a result of establishing a protection control, the US government offers many relevant requirements to the company in developing protection controls that protect clients and customers in general. The government requirements should adhere to the organization to a great extent possible. For example, a “fitness insurance Portability and Accountability Act,” similar to the educational rights and privacy act, should be followed in a healthcare setting (Georgiadou & Askounis, 2020). The act establishes a framework for an association that adheres to the standards required. The modification of policies in collaboration with the organization’s manager supports the organization’s unique mission. Would strategically implement the criteria to increase the number of satisfied employees. There are several methods for increasing fulfillment, two of which are based on avoidance theory. The theory supports both unconstructive and proactive enforcement punishment and their payment since they correlate to increased policies (Georgiadou & Askounis, 2020).
Business Challenges
Each of the seven major IT system domains has a corresponding market dispute. When interacting with an individual part of IT, the user domain faces many difficulties. Clients can inadvertently mismanage sensitive data. Since specific attacks could require negotiating a comprehensive, complete network, such as a warm network, the work domain should have been kept secure (Georgiadou & Askounis, 2020). Since you can contact it from outside the office, the LAN domain can become vulnerable to malware. A WAN domain usually faces problems related to cost dependability and bandwidth. Based on the financial plan and business conditions, the association must balance both pieces. The remote access domain shrinks as the LAN perimeter expands. Like the LAN domain, remote access requires additional usage policies and encryption (Georgiadou & Askounis, 2020).
The Security Policy Framework Implementation Issues
Since all seven major domains will reveal various issues and challenges to industries, they must be adequately identified and addressed. Can be mitigated an insurance company’s client domain causes by employing physical solid and managerial security controls. To have the best security, all parties should work together directly (Leszczyna, 2018). Can be installed malware protection on all workstation processors to fix issues in the workstation environment. This way, if the device is targeted, it affects the fewest number of systems possible.
An insurance company’s LAN should also be protected appropriately, maybe with a “Virtual Private Network” instead. The company can only allow top executives to contact the LAN remotely. To prevent LAN from being misused for cyber-attacks, strict terms of use should be extended to this region (Leszczyna, 2018). Because of the risks associated with a LAN-to-WAN domain and the fact that many insurance firms primarily work outside of the Internet, the company would need to improve this domain with as much security as they can afford. To overcome the WAN domain’s issues, the company should assess the importance of speed and dependability and a financial plan for this connection. Can efficiently resolve issues with remote access by completely prohibiting such access.
Finally, installing the proper security system for an organization must be done carefully and intentionally, as it cannot be too loose or too rigid. If a structure has been selected, the organization must adapt it to its specific information security situation.
References
Akinsanya, O. O., Papadaki, M., & Sun, L. (2019). Current cybersecurity maturity models: How effective in the healthcare cloud?. In CERC (pp. 211-222).
Georgiadou, A., Mouzakitis, S., Bounas, K., & Askounis, D. (2020). A cyber-security culture framework for assessing organizational readiness. Journal of Computer Information Systems, 1-11.
Leszczyna, R. (2018). Standards on the cybersecurity assessment of smart grid. International Journal of Critical Infrastructure Protection, 22, 70-89.