It is very important to respect the trust that the customers usually show by sharing critical information and data related to their personal and professional affairs. This trust once broken does not ever comeback and that is the reason behind a strong need of guidelines which can be used in order to know more about compliance related to information security and people, processes and technology management.
The assessment technique, which is under discussion over here is primary related to an assessment of risk, liability, business continuity, costs, and national repercussions while primarily concentrating on cyber-security and information management. The paper will assess ISG as a tool and its application to investigate about the actual status of cyber-security and information management within an organization.
The implementation of information security in a given setup can be highly subjective issue; however it is important to ensure that the assessment of the implementation can be done accurately to determine the compliance, safety and security within that setup. The ISG tool in itself provides a detailed and very systematic way to approach the overall security setup and customized answers to the questions are helpful in assessing the strength of the security solution which is implemented. The overall process of investigation that takes place involves the following sections.
Organizational Reliance on IT
This section targets a detailed assessment of the importance and value-add of IT on a particular organization. A feedback related to revenue, associations and level of regulations is taken during this section to determine that how strongly an organization depends on IT and what can be the possible consequences if the currently available resources that provide IT support are suddenly taken away.
Risk assessment is a key ingredient of any value determination tool and therefore once again, it is used in order to find out about the risks that are associated with non-implementation of security guidelines and to determine that how safe it is to proceed without any major security within a particular area.
The most important contribution to both security implementation and breach is provided by people and therefore it is very important to understand whether people within a particular setting are thoroughly aware about their own info security norms. Information security in this kind of assessment is taken more like an education and the key focus is to obtain the actual understanding of the people about general concerns based on information security.
Processes and Technology
The next set of questions in ISG is very helpful to diagnose the key security issues and concerns which are directly associated with processes or the technology that is in place. The attempt is to identify the focus driven by processes and technology in order to maintain optimum levels of information security at any given point of time.
ISG is a very strong and accurate tool to judge the effectiveness of the information security implementation perspective and that there are enough resources in this tool to judge the key areas that lack and there is also an opportunity to improve the same as and when the outcomes of an ISG result are obtained and hence it is easily deduced that ISG is an effective information security assessment tool.
CGTF. (2004). Information Security Goveenance (ISG). Retrieved September 25, 2012, from www.cyberpartnership.org): http://www.cyberpartnership.org
Frank, D. G. (2001). Information Consulting: The Key to Success in Academic Libraries. Journal of Academic Librarianship 27 #2 , 90-96.
Kalpan, B., & Maxwell, J. (2005). 'Qualitative Research Methods for Evaluating Computer Information Systems'. Evaluating the Organizational Impact of Healthcare Information Systems , 30-55.
Ministry of Economy, Trade and Industry. (2005, March 15). Corporate Information Security Governance. Retrieved September 25, 2012, from www.trident.edu: http://www.trident.edu/Media/Default/pdf/Well-Written-Paper.pdf
Windt, K., & Hülsmann, M. (2007). Understanding Autonomous Cooperation & Control - The Impact of Autonomy on Management,. Information, Communication, and Material Flow. Springer, Berlin , pp. pp.17-2.