ISS Compliance Outline
Information security plays an integral role in the protection of data and other assets of an organization. Despite its integral role, we often hear of information security concerns and incidents. These incidents include hacking, data leakage, wiping of information, stealing of information as well as altering sensitive data. These incidents lead to a number of devastating effects such as sensitive information getting in the wrong hands or company espionage. For this reason, organizations need to understand fully the gravity of the information security standards’ issue. They need to devote more attention, time, and money to the protection of information assets. Information security needs to be the top priority for both businesses and the government.
To address the situation, governments and organizations have set up standards and benchmarks that ensure information security and that a sustainable level of security is maintained. The regulations have also been established in order to ensure that all the information resources are used appropriately. The standards also ensure that the best security practices are implemented in all spheres of information systems. There are a number of standards that can be followed, but they need to be implemented properly if they are to be successful. The purpose of this paper is to outline some pertinent topics that will be covered in ISS compliance.
a). Standards for Information Security
This section details the different information security standards that have currently being adopted across the industries. The various standards include:
I. ISO/IEC 27002:2005 (Code of Practice for Information Security Management).
II. ISO/IEC 27001:2005 (Information Security Management System Requirements)
III. ISO/IEC 15408 (Evaluation Criteria for IT Security)
IV. ISO/IEC 13335 (IT Security Management)
b). The Information Technology Infrastructure Library (ISO/IEC 20000 SERIES)
c). Regulation concerning information technology
IV . FISMA
d). Implementation of the Information Systems Standards.