Isca - ca final help line may 2014


Hi friends,

 

Let us discuss doubts and any type of queries for ISCA here. Now, if anyone is interested, let us discuss Chapter 9, IS Security Policy.

Replies (16)

 

Part 1

 

1. Importance of Information System Security

2. Objectives of Information Security

3. What information is sensitive

4. Establishing better information protection

5. Basic ground rules

6. Preventive information protection

7. Restorative information protection

8. Holistic protection

9. Information security policy

10. Purpose and scope of security policy

11. Components of security policy

12. Types of information security policies

Please describe holistic protection.

Holistic Protection:

1. This means giving complete protection, such as developing a business continuity plan or disaster continuity plan.

2. Protecting corporate information systems from harm or loss is not an easy task.

3. Protection must be done holistically, i.e. completely, not leaving out any area on the assumption that it won't happen, e.g. earthquakes, natural calamities, etc.

4. Protection should give the organization the appropriate level of security at a cost that is acceptable to the business.

5. One must plan for the unexpected and unknown, expecting the worst events to happen, and recover from these events if and when they occur.

6. But it is quite difficult to plan such events in advance, and they always seem to happen at the most inconvenient times.

7. Organizations that wait until the last minute to decide on a protection plan and recovery process will suffer.

So holistic protection should be planned in advance.


Types of information security policies:

1. Information security policy: This policy provides a definition of information security, its overall objective and its importance. It applies to all users.

2. User security policy:

This policy sets out the responsibilities and requirements for all IT system users. It provides security terms of reference for users, line managers and system owners.

3. Acceptable usage policy: This sets out the policy for acceptable use of email and internet services.

4. Organizational information security policy: This is the group policy for the security of its information assets and the information technology systems processing this information.

5. Network and system security policy: Policy for system and network security; it applies to IT department users.

6. Information classification policy: Policy for the classification of information.

7. Conditions of connection: Group policy for connecting to their network. It applies to all organizations connecting to the group, and relates to the conditions that apply to different suppliers' systems.

 

What is information security policy?

A policy is a plan or course of action designed to influence and determine decisions, actions and other matters.

Security policy: The security policy is a set of laws, rules and practices that regulates how assets, including sensitive information, are managed, protected and distributed within the organization.

 

The information security policy addresses many issues, such as:

a definition of information security

reasons why information security is important to the organization

a brief explanation of the security policies, principles, standards and compliance requirements

a definition of all relevant information security responsibilities

reference to supporting documentation

The auditor should ensure that the:

policy is readily accessible to all employees and that all employees understand its contents;

policy has an owner who is responsible for its maintenance and updating.

 

Members of security policy:

 

Security policy broadly comprises 3 groups of management:

1. Management members who have budget and policy authority, e.g. top management

2. Technical group who know "what can" and what cannot be supported, e.g. employees of the IT department

3. Legal experts who know the legal effects of various policy changes, e.g. advocates, CA, CS

What information is sensitive?

1. Strategic plans: crucial to the success of the company; very high protection is required for these, e.g. blueprints, top secrets of the business, major decisions.

2. Business operations: these consist of the organization's processes and procedures, which are proprietary, e.g. customer lists, client lists, pricing.

3. Finances: financial information such as salaries and wages is very sensitive and should not be disclosed to outsiders. This creates a competitive edge: as salaries make up the majority of fixed costs, a reduction in these costs enables the company to earn profits. If competitors know this financial information, they will create a problematic situation for the organization in earning profits and sometimes even in surviving.

Establishing better information protection:

1. Not all data has the same value: Information has to be protected based on its value. Hence the organization has to determine the value of the different types of information in the organization and plan for the appropriate levels of protection.

2. Know where the critical data resides: Each type of information requires a different level of protection. Identifying where data is located enables an organization to establish an integrated security solution. This approach also provides significant cost benefits, as the company does not need to spend more on protecting data than the data itself is worth.

By knowing which data is the most critical, the protection for that data can be applied accordingly.

3. Access to information: Information that is damaged, disclosed or copied without the knowledge of the owner may render the data useless. To guard against this, organizations must establish some type of access control methodology. For important data, access control should extend to the file level and from the host to the network.

4. Protect information stored on media: Employees can cause damage by walking out the door with information on 3 1/2 inch floppy disks. The organization should provide diskless PCs so that employees are unable to copy the data without the organization's permission.

5. Review hardcopy output: Sometimes even hard copies of files must be reviewed so that any important information is given appropriate protection.

 

Isn't all this just a copy-paste.... :D Where is the so-called discussion?

No one is online, how can I do a discussion?

Friends, don't get involved in the discussion here. This person projected to be a girl (actually is a guy) is a waste of time. Check (his) forum & activity here; since the last 3 attempts she (he) starts such a thread & targets wasting everyone's time.

Mr. PSPS..... I feel that you are wasting time. No need of your suggestion. I have taken 3 attempts but I feel you haven't written the exams. Mind your words and work. No one is ready to spend time consistently here. This is one of the ways I tried for studying. As I am working, I am not able to spend time. I am a professional, but not like you.

 

I never felt that people like you are also present here, not seeing what you are doing but cautioning others. It's not only me; everyone is trying their best to do some study. Take care of your precious time and complete your CA first, if you are really doing it.

 

What do you know about my profile? I dare to tell my attempts, not just like you.

Dear PSPSPSPSPSPSPSPSPSPS (male or female ???)

You should not do this kind of thing here.

Secondly, ISCA is one of the most confusing subjects, on which she is trying to help others, and people like you don't even have the courage to post your name on CCI. (So don't you try to judge others; look in your pocket first to see what you are.)

Students take up ISCA at the last moment, so you're not getting replies here, Madhavi.

Madhavi, you are doing a fantastic job and we all read your posts when we get time.

Don't get demotivated. We can see you are trying hard and soon you will reach your place.

Best of luck.

Thank you Manoj for your support. I am sincerely doing my best to support all my friends and not to waste their precious time. I am also here for reaching my goal and I will be a catalyst for studies. But seeing these kinds of comments I felt very upset and bad.

I won't waste anyone's time. Why should I????? I know the value of CA exams.

I wish all the members good luck for the exams.
