1. What benchmarks might you consider in developing a security program?
The first step in implementing information security is to have a sound security program in place. Three major elements assist in developing a security program: confidentiality, integrity, and availability. An effective and efficient information security program endeavors to ensure that an organization's information and its processing resources are available when authorized users need them. Confidentiality helps ensure that controls and reporting mechanisms are put in place to detect problems and possible intrusions with speed and accuracy, so as to keep intruders from accessing the organization's vital information. The intruders may use malicious …
It ensures that assets are available only to authenticated and authorized users when needed, and not to intruders.
2. Briefly discuss what due diligence is and how your organization’s policies and practices accomplish it.
Due diligence refers to the actions that an organization takes, as required by laws, regulations, or contracts, to ensure there are adequate internal controls that support the privacy and security of the sensitive information of the organization or its customers.
Organizations have various plans, and by testing those plans an organization shows its employees and stakeholders that its continued operation has been addressed and that their personal information is secure. Organizations therefore use business continuity planning (BCP), which helps create strategies by recognizing possible threats and risks that the organization may face.
Therefore, an organization that sends information through the internet needs due diligence to help it maintain compliance with laws and regulations to ensure effective collusion and fraud prevention mechanisms are in