Hi friends,
Let us discuss doubts and any type of queries for ISCA here. Now, if anyone is interested, let us discuss chapter 9, IS Security Policy.
Madhavi
(CA - FINAL)
(1342 Points)
Replied 03 March 2014
Part 1
1. Importance of Information System Security
2. Objectives of Information security
3. What information is sensitive
4. Establishing better information protection
5. Basic ground rules
6. Preventive information protection
7. Restorative Information protection
8. Holistic Protection
9. Information security policy
10. Purpose and Scope of security policy
11. Components of security policy
12. Types of information security policies
CA PANKAJ
(business consultant)
(288 Points)
Replied 04 March 2014
Madhavi
(CA - FINAL)
(1342 Points)
Replied 04 March 2014
Types of information security policies:
1. Information security policy: This policy provides a definition of information security, its overall objective and the importance that applies to all users.
2. User security policy: This policy sets out the responsibilities and requirements for all IT system users. It provides security terms of reference for users, line managers and system owners.
3. Acceptable usage policy: This sets out the policy for acceptable use of email and internet services.
4. Organizational information security policy: It is the group policy for the security of its information assets and the information technology systems processing this information.
5. Network and system security policy: Policy for system and network security; it applies to IT dept users.
6. Information classification policy: Policy for the classification of information.
7. Conditions of connection: Group policy for connecting to their network. It applies to all organizations connecting to the group, and relates to the conditions that apply to different suppliers' systems.
Madhavi
(CA - FINAL)
(1342 Points)
Replied 04 March 2014
Members of security policy:
Security policy broadly comprises 3 groups of management:
1. Management members who have budget and policy authority, e.g. top management
2. Technical group who know what can and what cannot be supported, e.g. employees of the IT dept
3. Legal experts who know the legal effects of various policy charges, e.g. advocates, CA, CS
Madhavi
(CA - FINAL)
(1342 Points)
Replied 04 March 2014
What information is sensitive?
1. Strategic plans: Crucial to the success of the company; very high protection is required for these, e.g. blueprints, top secrets of the business, major decisions.
2. Business operations: These consist of organization processes and procedures; these are proprietary, e.g. customer lists, client lists, pricing.
3. Finances: Financial information such as salaries and wages is very sensitive and should not be disclosed to outsiders. This creates a competitive edge. As salaries make up the majority of fixed costs, a reduction in these costs lets the company earn profits. If competitors know this financial information, they will create a problematic situation for the organization to earn profits and sometimes even to survive.
Madhavi
(CA - FINAL)
(1342 Points)
Replied 05 March 2014
Establishing better information protection:
1. Not all data has the same value: Information has to be protected based on its value. Hence an organization has to determine the value of the different types of information in the organization and has to plan for the appropriate levels of protection.
2. Know where the critical data resides: Each piece of information requires a different level of protection. Identifying where data is located enables an organization to establish an integrated security solution. This approach also provides significant cost benefits, as the company does not need to spend more on protecting data than the data itself is worth.
By knowing which data is the most critical, the protection for that data will be applied accordingly.
3. Access to information: Information that is damaged, disclosed or copied without the knowledge of the owner may render the data useless. To guard against this, organizations must establish some type of access control methodology. For important data, access control should extend to the file level and from the host to the network.
4. Protect information stored on media: Employees can cause damage by walking out the door with information on 3 1/2 inch floppy disks. The organization should provide diskless PCs so that employees are unable to copy the data without the organization's permission.
5. Review hardcopy output: Sometimes even hard copies of the files are reviewed so that any important information is given appropriate protection.
caaspirant
(349 Points)
Replied 05 March 2014
PSPSPS
(Practicing)
(1344 Points)
Replied 18 March 2014
Friends, don't get involved in the discussion here. This one, projected to be a girl (actually is a guy), is a waste of time. Check her (his) forum & activity; since the last 3 attempts she (he) starts with such a thread & targets wasting everyone's time.
Madhavi
(CA - FINAL)
(1342 Points)
Replied 19 March 2014
Mr. PSPS..... I feel that u r wasting time. No need of your suggestion. I have taken 3 attempts but I feel u haven't written the exams. Mind your words and work. No one is ready to spend time consistently here. This is one of the ways I tried for studying. As I am working I am not able to spend time. I am a professional but not like you.
I never felt that people like you are also present here, not seeing what you are doing but cautioning others. It's not only me; everyone is trying their best to do some study. Take care of your precious time and complete your CA first if you are really doing it.
What do you know about my profile? I dare to tell my attempts, not just like you.
Manoj Mehta
(Head Of Department (Accounts & Finance))
(1479 Points)
Replied 19 March 2014
Dear PSPSPSPSPSPSPSPSPSPS (male or female???)
You should not do this kind of thing here.
Secondly, ISCA is one of the most confusing subjects, on which she is trying to help others, and people like you don't even have the courage to post your name even on CCI. (So don't you try to judge others; look in your pocket first at what you are.)
Students take up ISCA at the last moment, so you're not getting replies here, Madhavi.
Madhavi, you are doing a fantastic job and we all read your posts when we get time.
Don't get demotivated. We can see you are trying hard and soon you will reach your place.
Best of luck.
Madhavi
(CA - FINAL)
(1342 Points)
Replied 19 March 2014
Thank you, Manoj, for your support. I am sincerely doing my best to support all my friends and not to waste their precious time. I am also here for reaching my goal and I will be a catalyst for studies. But seeing these kinds of comments I felt very upset and bad.
I won't waste anyone's time. Why should I????? I know the value of CA exams.
I wish all the members good luck for exams