Posted: August 2nd, 2022

Information security implementation plan

In each weekly assignment, we are working on a section of the final deliverable. So by the time we finish week 7 – the majority of the content for your final paper is complete. During the last week of the course, you will be combining all of the weekly assignments, verifying that you meet the minimum word count (if not, obviously add additional content), massaging the content so it flows well, and polishing up the paper as a whole.

The paper will be an information security implementation plan that addresses: physical security, authentication, network security, encryption, software development, email, Internet, acceptable use, disaster recovery, business continuity, security awareness, and viruses/worms.

The key to this assignment is to demonstrate/apply your understanding of the topics you have learned throughout your core coursework at APU.
Information security implementation plan
I. Introduction (Purpose)
The rise in security incidents and data breaches calls for businesses to adopt a solid information security program, in the form of an information security implementation plan, to ensure safety and security in the digital age. Without an information security program, the data and operations of the business and its customers are at risk. An information security implementation plan combines different elements, including guidelines, standards, procedures, policies, and a security culture, within the organization's activities. Together these elements form a security program that outlines how the organization plans to implement security management effectively (Flowerday and Tuyikeze, 2016) and to achieve the principles of confidentiality, integrity, and availability of data. Consequently, the implementation of information security will cover aspects ranging from physical security, authentication, encryption, network security, internet, email, disaster recovery, acceptable use, security awareness, and business continuity to viruses/worms. The plan takes a comprehensive approach to security so that the business's data and operations are held within a safe and secure environment.
II. Scope
The scope of the implementation needs to be defined so that security aspects are considered across the organization's safety and security operations. ISO/IEC 27001 is founded on the real-world and technical requirements of information security. In implementing the information security plan, the organization considers the security measures and requirements presented in the standard, which directly affect the organization. The standard details the processes that make up the organization's management system and the security measures that the organization needs to implement in the interest of information security (Layton, 2016). In this regard, the implementation plan ensures that organizational assets are evaluated and analyzed and that the information security management system in every department is informed to meet the organization's security needs. Moreover, the organization's staff need to be trained to build the competencies required for their different roles. This approach ensures that information security is effectively implemented at different levels. Additionally, the scope needs to cover system maintenance and monitoring to ensure that the system fulfils its duties and responsibilities in enhancing safety and security.
III. Definition of terms
Information security management
Personal data protection entails adopting reasonable security safeguards against modification, disclosure, use, destruction, unauthorized access, and loss of personal information.
Risk analysis- examines and evaluates how project outcomes and objectives change due to the impact of risk events in the organization. The qualitative and quantitative impact of the risk is evaluated.
Risk assessment- identifies the risks, hazards, and factors that can cause harm to a business or an organization.
Risk response- the process of developing strategic options and determining actions to reduce threats and enhance opportunities with respect to the project's objectives.
Risk monitoring- the ongoing process of risk management that identifies risks, designs controls, and tracks risk management execution.
IV. Roles and responsibilities
Chief Information Officer (CIO)
The CIO has a critical role in implementing an information security plan by making critical decisions on the management, implementation, and usability of information and computer technologies. The CIO ensures that the relevant technologies are adopted to reshape and increase organizational security.
Director of Information Security
The director plays a critical role in information security implementation by being responsible for implementing, designing, allocating, and managing technical security measures to safeguard organizational assets or sensitive and confidential data.
IT security and policies team
The IT and security teams will be tasked with implementing different operations and functions within the information security implementation plans. The teams are involved in the technical operations, implementation of the security solutions, operations, and troubleshooting. Therefore, the teams’ technical skills and knowledge are required to manage the project and the lifecycle.
Data protection officer
The data protection officer adopts all the necessary measures and processes to protect personal data belonging to customers, staff, providers, and other parties as per the applicable data protection rules.
Data users
The data users need to ensure that they adopt the safety and security protection as contained in the procedures, policies, and processes to ensure the safety, availability, and integrity of data.
Departments
Through their heads, the different departments need to adapt the information security strategies to enhance and improve data security and safety. The departments need to align their security operations to achieve a comprehensive security strategy.
Third-party vendors
The third-party vendors need to ensure that they align their security plans and programs to those of the organization they serve to ensure that they do not compromise other organizations’ security and safety. Failure to align security procedures and implementation introduces gaps and vulnerabilities in the system, leading to compromise of security and safety.

V. Statement of policies, standards, and procedure
System policies
System policies need to be adopted to decide which parties can access computer resources (Laksono and Supriyadi, 2015). Settings are applied to the computer resources to determine their availability to individual users and user groups.
IT standards, procedures and best practices
The IT standards, best practices, and procedures guide product selection and best practices during the deployment of the information security implementation (Huang and Farn, 2016). The implementation of information security needs to be effectively aligned with standards, procedures, and best practices to ensure that effective security measures are adopted, thus eliminating security barriers, gaps, and vulnerabilities.
VI. Compliance
The implementation of the information security program and plans needs to comply with the requirements of third parties (authorities or government agencies) to ensure that digital security is achieved (Nieles, Dempsey, and Pillitteri, 2017). Compliance with third-party requirements provides an enabling environment for business operations in the technological field. Regulatory, legal, and IT compliance is directed towards streamlining operations in the IT field so that effectiveness and efficiency are achieved in meeting organizational safety and security standards. Compliance ensures that security, safety, and privacy are not compromised; thus, it will be a vital component in implementing security programs and plans.

VII. Data protection requirements
The implementation of information security plans needs to adopt the relevant data protection requirements to ensure that personal and sensitive data is processed lawfully and fairly and is kept accurate and up to date. Moreover, the data protection requirements ensure that relevant measures are adopted to prevent accidental loss or destruction of personal data (El-Haddadeh, Tsohou, and Karyda, 2012). In this regard, data protection measures need to be fairly and lawfully implemented; the purpose of the data must be established in the organization; stored data needs to be adequate, accurate, and up to date; data needs to be stored for the required period; the rights of the people the data describes need to be considered; and data needs to be kept safe and secure in the interest of all the parties involved.
VIII. Security training and awareness
The increase in cybersecurity and risk issues needs to be addressed in the information security implementation through training and awareness for all the parties involved. IT security issues are dynamic; thus, there is a need for regular and consistent training and awareness of different information security aspects (Dombora, 2016). The training covers information security compliance, phishing awareness, password best practices, data security, ransomware, office hygiene on access to physical information, and the General Data Protection Regulation (GDPR) principles. The training and awareness ensure that the parties who handle the organization's assets have the relevant skills and knowledge to take secure and protective precautionary measures.

IX. Evaluation and revision of the security plan
The implementation of information security needs to take into account that the IT field is highly dynamic; thus, the plan must be changed consistently to accommodate changes in the environment. The evaluation and revision of the information security program ensure that advanced technology and innovations can be adopted in the plan, thus ensuring that the availability, integrity, and confidentiality of data are assured.

References
Dombora, S. (2016). Characteristics of Information Security Implementation Methods. Management, Enterprise and Benchmarking in the 21st Century, 57-72.
El-Haddadeh, R., Tsohou, A., & Karyda, M. (2012). Implementation challenges for information security awareness initiatives in e-government.
Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61, 169-183.
Huang, C. C., & Farn, K. J. (2016). A Study on E-Taiwan Promotion Information Security Governance Programs with E-government Implementation of Information Security Management Standardization. IJ Network Security, 18(3), 565-578.
Laksono, H., & Supriyadi, Y. (2015, November). Design and implementation information security governance using Analytic Network Process and cobit 5 for Information Security a case study of unit XYZ. In 2015 International Conference on Information Technology Systems and Innovation (ICITSI) (pp. 1-6). IEEE.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.
Nieles, M., Dempsey, K., & Pillitteri, V. (2017). An introduction to information security (No. NIST Special Publication (SP) 800-12 Rev. 1 (Draft)). National Institute of Standards and Technology.
