Tuesday, February 25, 2020

Information security management Essay Example | Topics and Well Written Essays - 3000 words

The next key element is PLAN. The plan defines the service level agreements as per business requirements, the foundation of contracts, operational level agreements, and policy statements. All the components included in planning are based on the requirements of the business. After control and plan are complete, the next key element is to IMPLEMENT all these components. Implementation involves creating knowledge and awareness, along with the categorization and listing of assets. Moreover, personnel security and physical security related to theft are implemented. Likewise, the implementation element also involves security related to the network, applications and computing devices. In addition, the configuration and management of access rights and the contingency planning of security incident processes are also part of this element. Together, the three elements control, plan and implement lay the foundation of a structure. After the deployment of the ISMS structure, the next key element is EVALUATE. The evaluation consists of internal and external auditing of the processes implemented in the previous three phases. Moreover, self-assessment is also conducted, along with security incident evaluation. For instance, if there is a breach in security, the security management processes ensure that the security incident is dealt with. The last key element is MAINTAIN. This phase frequently monitors processes including security management, new threats, vulnerabilities and risks. It not only monitors these processes but also improves them where required, and if there are processes that need to be improved, the ISMS cycle starts again from the first key element, i.e. CONTROL.
1.1 ISMS Scoping

A good definition of ISMS is available on www.praxiom.com: "An information security management system (ISMS) includes all of the policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures that are used to protect and preserve information. It includes all of the elements that organizations use to manage and control their information security risks. An ISMS is part of a larger management system". The goal is to protect the information of the organization itself as well as that of its customers. The ISO/IEC has established two standards that emphasize ISMS. ISO/IEC 17799 is a code for information security management. It is a framework, or system, based on certain processes, to ensure that organizations achieve their information security management objectives, i.e. ISMS. The second standard, ISO/IEC 27001, is associated with several different factors, including (ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements):

- Implemented in the organization to originate security requirements and goals
- Implemented within the organization in such a manner that security risk management bears less cost
- Implemented within the organization for guaranteed deployment of compliance with laws and regulations
- Implement a process framework within the organization for deployment and management of controls in order to meet particular security objectives
- Defining new processes

Saturday, February 8, 2020

Interpret the result in your report. Also, your report and model Essay

Interpret the result in your report. Also, your report and model (where possible) should analyse the following - Essay Example

In both cases, the major components of the statements are explained, e.g. remuneration disclosures, segment reports and interest disclosures have been made. The reliability of the financial statements has also been improved by the better governance structure and the independence of the auditors. According to the auditor’s reports, the financial statements give a true and fair view of the positions of the company. Moreover, both M & S and Morrison have reported their financial performance in a comparable manner. The performance in 2011 has been compared to that of 2010 to help investors monitor the firms’ progress. Notwithstanding, the notes to the financial statements have been compiled to make the information easier to understand. Comparatively, Marks & Spencer’s notes are detailed. On the element of legislation, the companies’ strategies have incorporated their products and services to satisfy the expectations of customers and society. For instance, Morrison is committed to reducing the quantity of carbon released to the environment. In both cases, the users of the financial statements are the shareholders, investors, customers, the government and competitors (Palepu & Healy, 2008). The government requires the information for determining tax amounts, customers for the purpose of knowing the progress of the companies, and shareholders for monitoring the companies’ returns (Palepu & Healy, 2008). The complex nature of the financial statements and the accounting jargon is the limitation of the financial reports. In conclusion, the preparation of the financial statements in accordance with the accounting standards and the Companies Act is necessary for comparison purposes and uniformity in reporting. This explains why there are largely no major differences in reporting between the two companies.