Information Technology Security Policy Framework

Terry Chad Carroll

INFORMATION TECHNOLOGY SECURITY POLICY FRAMEWORK

CIS462

Security Strategy and Policy

Introduction

Any organization, whether private or public has various goals that it must meet within a certain period. The goals can be high level tactical goals such as increasing goods and brands in a private organization and the concrete goals such as reducing the rate of collecting taxes in public organizations. The goals sometimes cause both external and internal conflicts since the organizations have to uphold their security in today’s environment. Organizations institute Information Systems (IS) based on the type of IT they employ (Nnolim, 2007). The organizations are aware of the threats that these information systems encounter.

ISO27005 is a global standard that draws a universal model on how an IS/IT security threat responsiveness is performed. IT frameworks and policies assist organizations in communicating the organizational behaviors, mitigating risks and contribute to attaining the goals set at the organization. Developing IT policies and frameworks in a continually changing environment is a complicated task but a necessary one (Nnolim, 2007). Organizations may not appreciate the limitations, risk factors and the advantages of emerging technologies such as cloud computing. Integrating IT frameworks such as COBIT ensures the organization is better covered and there is cooperation across the organization. This integration also minimizes duplicating controls and offers a consistent strategy addressing business necessities. Any security framework is designed considering the rules and regulations (Nnolim, 2007). Regulations limit the security policies. They control how and organization can collect store and process information. Security policies are used to enforce the limitations. Without these regulations, organizations take shortcuts so that they can enjoy competitive advantage. No matter the information being secured, a security...