期刊名称:International Journal of Computer and Information Technology
印刷版ISSN:2279-0764
出版年度:2015
卷号:4
期号:1
出版社:International Journal of Computer and Information Technology
摘要:Increased in computer usage by organizations in respect to both internal and external connectivity and the wider use and popularity of the internet are offering many organizations of all types an unprecedented opportunity to enhance and aligned their IT operations by reducing paper processing, cutting costs, and sharing of information. However, the success of many of these efforts depends on an organization's ability to protect the confidentiality, integrity and availability (CIA) of their information in addition with data and systems it depends or relies on. Deficiencies in organization information security and management are becoming a global issue or challenges and raised growing concern among IT professional. Over the years and recently, there has been series of reports on information security issues and challenges in organizations and this, has been noted as wide high-risk area to many organization. This paper will describes sixteen (16) practices (P) related to information security and management organized under five (5) management principles (PP) that we identified during a research study we conducted on both private and governmental organization. These organizations have been identified having good reputations for information security programs and configured appreciable management policies in-place. Each of these practices contains and outlined specific examples of the techniques and control used by these organizations to increase their information security program's effectiveness. Data was collected from both the strong and weak organization and we also used the principle and practice from the strong organization as a yard stick to measure the strength of the weak organizations. The results of the study identified lack of direction, limited budgets and finances, lack of prioritization from senior officials and general ignorance to identify threat by the users. The result is also used to assist and support the weak organizations in strengthening their information security management programs at all levels.
关键词:Information Security Management and data protection policies
