Saturday, June 8, 2019

Review and evaluation of information security program Term Paper

Contents

1. Introduction
2. Information security governance and its strategy
3. Regulations for information security in banking software industry and their influence on governance of the security program
4. Information security governance model and framework
5. Implementation of company's security program, challenges and their remedies
6. Measuring the company's information security program success
7. What is working well within the company's security program?
8. What is not working well within the company's security program?
9. Improvement of information security governance
10. Conclusion

1. Introduction

An IT-oriented company is more prone to information security risks than a regular institution. The company under consideration provides banking software services, a complex task that requires complete security for its clients. The company consists of several departments, such as administration, finance and software development, among others, bringing the total workforce to over 200 individuals. The company's information security governance formulates strategic goals, ensures achievement of goals, manages risks and the use of resources, and carefully assesses the achievement of the information security program. ...

Previously, the company did not have well-structured procedures to evaluate attainment of the set information security objectives in order to take appropriate intervention measures. As of now, the company has an efficient approach to the management of security threats and risks. This approach has been made possible by carrying out some aspects of security management.
Information security policies

According to Monaghan (2009), there are various security policies that ensure effective information security governance and provide a way of protecting an organization's information assets (information and information systems) from destruction, disruption, unauthorized access, use or disclosure.

The Personal Communication Devices and Voicemail policy describes Information Security's requirements for the use of Personal Communication Devices and Voicemail, which include all handheld wireless devices, wireless cards and pagers for an organization. Bluetooth devices and voicemail boxes are issued to authorized personnel upon approval. This policy further dictates that files containing data that is deemed sensitive shall never be stored on these devices.

The physical security policy governs access to facilities housing critical information systems and back-up systems, like the company server rooms. These facilities are subject to access monitoring, enabling the capture of the identity of the person entering or exiting as well as the timestamp. This policy ensures that the secure locations of vane devices, servers and storage media are accessed by authorized personnel and that entry codes are changed periodically where locking mechanisms with keypads are used. It gives
