[Network diagram, not reproduced here. Recoverable labels: Network Switch; wks6. Notes: Equipment Rack Locations: Network Devices, Room 1234; Servers, Room 1234.]
B2. Justification The PDCA process provides four stages for the planning, implementation, review, and improvement of the ISMS policies and procedures. By adopting a plan that continually audits, reviews, and improves the LAN security posture, a more effective and comprehensive ISMS is created. Industry standards such as ISO 27001, NIST, COBIT, and ITIL all call for a plan of continual evaluation and improvement. In the case of HBWC it is clear that the as-is state did not have any improvement process. The lack of a security plan or improvement process has left HBWC's current systems vulnerable to a great number of threats. The establishment of a comprehensive ISMS policy and the adoption of the PDCA process will greatly reduce the risk from threats and vulnerabilities to HBWC and its users. Due diligence requirements establish very clear legal ramifications for the lack of proper handling and due care of information. Organizations must be concerned with compliance to requirements such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the protection of Personally Identifiable Information (PII). Establishing a process of continued review and improvement will allow HBWC to adapt to changes in risk (threats) and to ever-changing legal responsibilities. (Arnason, S., & Willett, K. D., 2008)
Reference Page

Arnason, S., & Willett, K. D. (2008). How to achieve 27001 certification: An example of applied compliance. New York: Auerbach Publications.

Tipton, H., & Henry, K. (2007). Official (ISC)2 guide to the CISSP CBK. Boca Raton, FL: Auerbach Publications.

Tipton, H., & Krause, M. (2007). Information security management handbook (6th ed.). Boca Raton, FL: Auerbach Publications.