Introduction
In the 21st century, having secure information technology can be the difference between success and failure. Like other important assets of any business, information is a key asset that needs to be secured at all times, especially because of the new threats that might expose this vital asset (Johnson, 2014). Today, many organizations utilize various security frameworks that help them identify where their information might be under threat and, more importantly, how to mitigate such issues. This paper discusses one of these security frameworks, designs an information security framework, and explains the importance of complying with IT security control laws. The paper also outlines the business challenges involved in developing an efficient IT security policy framework and finally discusses the challenges and issues involved in implementing an IT security policy framework.
Designing an IT Security Policy Framework
Before an organization concludes which security framework fits it best, it is important to consider several factors related to the framework. One of the key factors an organization should look at is the stipulated compliance requirements. Depending on the field an organization belongs to, it can choose COBIT, ISO 27000 or NIST SP 800.
NIST SP 800, the "National Institute of Standards and Technology Special Publication 800" series, is the security framework I chose to discuss. This security framework is usually utilized by many government agencies, but other organizations prefer another security framework since NIST SP 800 has many federal laws bound into it. Nevertheless, NIST SP 800 is a federal agency that is not regulated and encourages innovation at all times (SP800, N. I. S. T., 2014). It is also a center of measurement standards, with its main goals being to advance technology, standards, and science (Johnson, 2014). Additionally, the security that NIST SP 800 provides ensures that our businesses and our economy are secure and, consequently, that our quality of life improves significantly.
For about 30 years, NIST SP 800 has been setting the pace for other security frameworks, and most of them have utilized its ideas when designing their own programs related to information security (SP800, N. I. S. T., 2014). My role as a consultant for a medium-sized insurance organization is to develop an "IT Security Policy Framework", and I have selected NIST SP 800 to utilize when developing the model for the security policy. The reason for choosing NIST SP 800 is that the organization is overseen by federal law.
IT Security Policy Framework
The following outline highlights the major sections, stating the role of every section as per the 7 major domains of IT.
- Recognize - how to correctly recognize and control security-related threats to information systems and data.
  - The proper strategy for managing risk
  - Assessing risk
  - Managing assets
  - Governance
  - Business environment
- Safeguard - all protections and controls required to deter cybersecurity threats.
  - Protective systems and software
  - Up-to-date system maintenance
  - Securing data
  - Training and awareness
  - Access controls
- Detect - monitoring all systems to notice cybersecurity events promptly.
  - Constant monitoring
  - Keeping up with new trends
  - Correct detection procedures
- Response - efficiency in responding to an attack
  - Prior planning of the response
  - Correct mitigation process
  - Analysis of data
  - Effective communication
  - Enacting enhancements
- Recovering - continuing business activities after the incident
  - Reviewing the incident
  - Planning recovery
  - Communicating
Compliance of IT security controls
The United States' laws and regulations on designing a security policy framework must be adhered to at any given time to ensure compliance. However, complying with these laws and regulations is sometimes challenging, as they keep changing. The laws are made with the best interests of security in mind, and they ensure there is correct monitoring, implementation, organization, and planning when designing policy frameworks (Layton, 2016). Nevertheless, when the NIST SP 800 framework is used to develop policies, they are more likely to comply, since it is the gold standard framework.
Business Challenges within Each of the Seven Domains
When developing an effective IT Security Policy Framework, several business challenges can develop in any of the seven domains (Layton, 2016). One of the major challenges is inadequate awareness of the current standards, procedures or policies. For the WAN Domain, the challenge that can arise is making sure that the WAN developed is fast, reliable and cost-effective (Johnson, 2014). When it comes to the Workstation Domain, one challenge that can arise is installing security measures without interfering with daily operations (Kim, McGraw, Mamo & Ohno-Machado, 2013).
Implementation Issues of IT Security Policy Framework
The IT security policy framework I have chosen, NIST SP 800, is a proven and effective framework; therefore it is likely to have fewer implementation issues. Nevertheless, there could be challenges when policies are not enforced correctly during implementation, leading to breaches because of the collapse of data security management. To counter this challenge, it is key to have quality control checks that ensure all policies are enacted. Furthermore, more training would be offered if the threats are significant. Another challenge is convincing every department within the organization why it is important to have such IT security changes. To have a fruitful security policy implementation, it is paramount to have an individual understanding of the major concepts and the necessary material required. Proper training and education can be used to mitigate this challenge.
References
Johnson, R. (2014). Security policies and implementation issues. Jones & Bartlett Publishers.
Kim, K. K., McGraw, D., Mamo, L., & Ohno-Machado, L. (2013). Development of a privacy and security policy framework for a multistate comparative effectiveness research network. Medical Care, 51, S66-S72.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
SP800, N. I. S. T. (2014). 161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft).
IT Security Policy Framework Paper Example. (2022, Jul 03). Retrieved from https://proessays.net/essays/it-security-policy-framework-paper-example