Inf/325 Week 3 Information Security Management
Information Security Management
INF: 325, Telecommunications & Networking Concepts
Ashford University
Often Information Technology Directors overlook that information security is more of a people issue rather than a technology issue. We rely heavily on people’s awareness, ethics and behavior, and an understanding of what they want to achieve is essential to accomplish the goals of business. This includes the employees that deliver services and the customers that take advantage of them, as well as the senior executives that outline the budgets.
Information security teams from the top down should be capable of working collaboratively with business units participating on strategy committees, assessing business …show more content…
Conduct an annual training session for all owners, managers, employees and independent contractors—and periodic training for new employees working for the firm on the elements of this information security plan, the contents of the firm’s “Privacy Policy,” and any other requirements of federal or state privacy laws. All persons in attendance should be required to certify their attendance at the training, their receipt of the firm’s privacy policy, and their familiarity with the firm’s requirements for ensuring the protection of customers’ non-public personal information.
Determine reasonably foreseeable internal threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or information systems, assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information, and evaluate the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control
INF: 325, Telecommunications & Networking Concepts
Ashford University
Often Information Technology Directors overlook that information security is more of a people issue rather than a technology issue. We rely heavily on people’s awareness, ethics and behavior, and an understanding of what they want to achieve is essential to accomplish the goals of business. This includes the employees that deliver services and the customers that take advantage of them, as well as the senior executives that outline the budgets.
Information security teams from the top down should be capable of working collaboratively with business units participating on strategy committees, assessing business …show more content…
Conduct an annual training session for all owners, managers, employees and independent contractors—and periodic training for new employees working for the firm on the elements of this information security plan, the contents of the firm’s “Privacy Policy,” and any other requirements of federal or state privacy laws. All persons in attendance should be required to certify their attendance at the training, their receipt of the firm’s privacy policy, and their familiarity with the firm’s requirements for ensuring the protection of customers’ non-public personal information.
Determine reasonably foreseeable internal threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or information systems, assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information, and evaluate the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control