An Information Security Program Mission - 1462 Words

An Information security programs mission should be developed in a way that â€Å"aligns with organizational strategies by evaluating business requirements, applicable laws, regulations, standards, and best practices† (Module 2). More importantly businesses, governments, and other types of organizations need to incorporate cyber security to conduct business transactions, share information, and interact with customers and suppliers. Threats to the confidentiality, integrity and availability of cyberspace capabilities (e.g., hardware, software, and networks) are threats against the â€Å"economic activities and social interactions that depend upon cyberspace† (Module 2).These threats drive the need for cyber security, thus an information security†¦show more content†¦Furthermore, this paper will provide a general explanation of the business need for information security programs/policies to protect against the loss of profit, damage to the company’s reputat ion, and cost of litigation. The discussion will provide key concepts in regards to threats and vulnerabilities along with recommended technology solutions that will help manage or mitigate possible impacts and results you implement into your small business. Terms Definitions Confidentiality â€Å"Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.† (44 U.S.C., Sec. 3542) Integrity â€Å"Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.† (44 U.S.C., Sec. 3542) Availability Ensuring timely and reliable access to and use of information†. (44 U.S.C., Sec. 3542) Non-Repudiation â€Å"Assurance that the sender of information is provided with proof of delivery and the recipient with proof of the sender’s identity, so neither can later deny having processed the information.† (CNSS Inst. 4009) Authentication â€Å"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.† (NIST SP 800-37) Authorization â€Å"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or