Security Legislations and Standards Essay Example | Topics and Well Written Essays - 1000 words

Security Legislations and Standards - Essay Example Some of the well known examples of these rules and regulations comprise the Clinger Cohen Act, the GPRA (Government Performance and Results Act) and FISMA (Federal Information Security Management Act). Seeing that these rules, policies, and regulations are very important for the measurement of information security, thus including them for the information security performance management is useful for the businesses (Chew, Swanson, Stine, Bartol, Brown, & Robinson, 2008). This paper discusses the various aspects of Security Legislations and Standards. Legislations and Standards Serving their Purposes Global information security management guidelines play a significant role in organizing and determining organizational information system security. In this scenario, organizations use various rules and guidelines (such as BS ISO/IEC17799: 2000, BS7799, SSE-CMM and GASPP/GAISP) in order to determine and compare how authenticated their strategies are, and how extensively they are implemented . However, it is discovered that BS ISO/IEC17799: 2000, BS7799, SSE-CMM and GASPP/GAISP were general or common in their scope; as a result they did not focus on the dissimilarities exist between organizations and the reality that their safety needs are exceptional. In addition, according to the research those security strategies were authenticated by application to extensive capability thus it was not a dominant foundation for significant global information security strategy. Thus, to cope with these limitations, it is assessed that information security management strategy should be observed as a library of policies material on information safety management for the committed companies (Siponen & Willison, 2009). In this scenario, organizational directed security standards are different in intensity of concept. In addition, they differ from slack structures for security management (for example GMITS), to a record of security essentials i.e., " perform that, don’t carry out tha t" (for instance standards like BS7799 1993, IT Protection guide 1996), that look like those in list of tasks or responsibilities (for instance "clients should implement passwords whose length is more than 8 characters) that inserted security to information system in a mark in the pack way. Furthermore, development standards also encompass a public level function, as they offer the safety â€Å"development† rank to the business (Siponen & Willison, 2009). How to enforce these Legislations and Standards? The legislation and standard of ‘good practice’ for information security is the leading influence on information security. Additionally, it ensures information security by following a company’s viewpoint, as well as offers a realistic establishment for evaluating corporate data and information systems’ security. In order to effectively implement security management standards and techniques we first need to see the nature of security issues and danger s which an organization is currently facing. In this scenario we need to assess some important security issues those need to be managed and handled through simple security solution. For the management and neutralization of serious security and privacy management aspects we need to build and implement an effective business management policy that could effectively oversee security and privacy related aspect. In this scenario, the basic aim of information security management and standard enforcement is to react against the needs of global security management associations. Another aim is to focus on developing some useful strategies for better handling and