When we think about security, we think about doors, bars on windows, guards, alarms and so forth. When we look at information security, we think about passwords and permissions. In the past that is all we needed to protect our information. As technology continues to advance, security takes on a whole new role. We are no longer storing papers in boxes behind a locked door. We are now securing servers and large datacenters with vast amounts of information.
The article by Allen Johnston and Ron Hale examines the planning for information security and enhancing the quality of security.
“A survey conducted by the Computer Security Institute and the Federal Bureau of Investigation found:”
56% of respondents reported unauthorized computer system use during the past year. These unauthorized uses include malicious acts such as theft or destruction of intellectual property, insider abuse and unauthorized access to information that results in a loss of data integrity and confidentiality, as well as malware threats such as viruses, spyware, worms, and Trojans (Johnston and Hale, 2009, p. 126).
To better understand how planning and enhancing security can increase the value of security programs, a survey of security professionals was conducted to see their perception of the quality of their security programs. The results allowed for a comparison between the different businesses and a view of the overall picture of how information security plays a role in those businesses.
Information Security Governance (ISG) has a role in creating policies and strategies within a business and in protecting information assets. Information Security Governance brings security to the attention of the board and executives, so corporations are more effective in addressing and improving security. “In terms of strategic alignment, ISG enables firms to align security with business strategy to support organizational objectives” (Johnston and Hale, 2009, p. 127). Corporations are able to use appropriate measures and reduce risk. When information security is addressed as part of the overall strategic plan, policies are easily adopted into the goals and objectives.
In order to validate the value of Information Security Governance, a survey was conducted among managers, auditors and executives who are Certified Information Security Managers. The survey found that those who implemented Information Security Governance had a higher level of support from upper management than those who did not implement it. Thus those that implemented information security had a better relationship between business and information security than those that did not.
The findings from the survey showed that when information security was addressed at a corporate level, employees took greater ownership in protecting the information. Employees did not view security as a barrier but as part of business success. This in turn showed that businesses that used Information Security Governance had a higher quality of information protection than those that did not.
The study provided support for corporations to include information security planning as part of their operations. Many businesses are not as motivated or have barriers that make it difficult to develop an information security program. There are many benefits to having an Information Security Governance program. Implementers were asked to rate on a scale of 1 (low) to 5 (high), “Legal requirements (4.30) were the most influential...