Security Analysis And It Security Policy Manager At My...

In writing this paper I spoke with Security Analysis and IT Security Policy Manager at my place of employment when researching this paper. They gave me some insightful direction as to the information, where to look for information and the important security issues to reference. Working in IT for the last 10 years I have also had to deal with many of these policies first hand. Additionally, I referenced the PowerPoints presented in class and The CISSP and CAP Prep Guide: Platinum Edition that I purchased and used for the quiz in class. When discussing the topic of information security there are many concepts, elements and topics to discuss. Some of the information to be discussed here are the ten domains of Computer Information Systems†¦show more content†¦This is a company that I made-up just for name sake of this paper. This is not a comprehensive list however will point out some of the more important points. To begin with, any security professional must take in to account the three fundamentals of principles of Confidentiality, Integrity, and Availability (CIA) that set the security posture for an organizations information security department. Integrity ensures that unauthorized alteration to information is not made, alterations are not made by unauthorized personnel, and the information is reliable both internally and externally. Confidentiality unauthorized release of information, regardless if the release is internally or externally. Availability for the users to be able to access the data in a consistent and timely manner that will add value to their job is also necessary. The process and choice of classifying information is very important. Data of different types have different values to the owner of the information. Some data may be of more value or critical importance than other data. Certain information is therefore valuable, and if lost could cause great financial loss. Total Layer IT will classify its information using the terms Public, Sensitive, Private, and Confidential based on the information’s value, age, useful life, and personal association. Based upon the business needs certain groups will have access to these various levels of information.