ITM438 Trident University Information Security Standards & Ethics Paper
Case 4 is in two parts: information security standards and ethics.
Part I
Based on the reading materials in the background section and your own research, prepare a 3-5 page report addressing the following questions on ISO standards for information security management:
- Describe the Plan-Do-Check-Act process.
- What does this process accomplish?
Part II
Based on the reading materials in the background section and your own research, prepare a 3-5 page report answering the following questions:
- Discuss the difference between law and ethics.
- Research the Sarbanes-Oxley Act of 2002 and discuss how it has impacted information security in an organization.
Your paper should be 6 to 10 pages long. Combine Parts I and II into a single report, labeling each part accordingly.
READING MATERIALS
- Designing and Implementing an Effective Information Security Program: Protecting The Data Assets of Individuals, Small And Large Businesses. Retrieved on March 18, 2013, from http://www.sans.org/reading_room/whitepapers/hsoffice/designing-implementing-effective-information-security-program-protecting-data-assets-of_1398
- Implementing an Effective IT Security Program. Retrieved on March 18, 2013, from http://www.sans.org/reading_room/whitepapers/bestprac/implementing-effective-security-program_80
- A Success Strategy for Information Security Planning and Implementation – A guide for executives. Retrieved on March 18, 2013, from http://www.citadel-information.com/wp-content/uploads/2010/12/success-strategy-for-infosec-planning-and-implementation-0801.pdf
- Implementation Methodology for Information Security Management System. Retrieved on March 18, 2013, from http://www.giac.org/paper/gsec/2693/implementation-methodology-information-security-management-system-to-comply-bs-7799-requi/104600
- ISO 27001 Information Security Management Systems. Retrieved on March 18, 2013, from http://www.youtube.com/watch?v=V7T4WVWvAA8&list=PL5E6D4A5B33DCAE78
- Information Security Management Best Practice Based on ISO/IEC 17799. Retrieved on March 18, 2013, from http://www.arma.org/bookstore/files/Saint_Germain.pdf
- Information Security Management Systems ISO/IEC 27001:2005. Retrieved on March 18, 2013, from http://www.slideshare.net/ControlCase/isms-presentation-oct-202012
- Annual Maintenance for Computers. Retrieved on March 18, 2013, from http://itsecurity.vermont.gov/maintenance
- Information Security Program Guide for State Agencies. Retrieved on March 18, 2013, from http://www.cio.ca.gov/ois/government/documents/pdf/info_sec_program_guide.pdf