Information about the business objectives for the organization
Healthy Body Wellness Center is an organization that provides a variety of medical grants to hospitals through the Office of Grants Giveaway. The organizations aims at promoting progress in the quality and value of hospital grants via federally supported research, evaluation, and sharing of information
The scope of the Information Security Management System plan includes the managerial, technical and operational domains. Its is to improve the credibility and general confidence in information processing and to act as a forum for security and privacy protection experts and others professionally active in the field. The scope will include institution of a general frame of orientation for security and privacy security in organizations, professions and the public domain. The organization aims at addressing invasive systems security as of functional, technical, and societal standpoint.
Description of the guiding security principles of the organization
The guiding principle of the organizations aims at reducing security risks and secure the interest of the organization. According to guiding principles, departments need to recognize, analyze and assess risks, choose risk avoidance options and establish a cost effective measures that will control and prevent occurrence of security risks. Departments are required to finish threat and risk assessment for vital sensitive assets. This approach defines what protection entails, evaluates and assesses risks and threats and comes up with recommendations that would aid in risk assessment. Other guiding principles include implementation and reviewing the effectiveness
Justification of the processes that should be included in the scope
Many organizations now in general have a figure of information security controls in position. Even as this is creditable the unfortunate this is that security risks and threats are always occurring on a regular basis. Lack of formal Information Security Management System (ISMS), security controls have a tendency to be tampered with. This is because controls have typically been implemented partly as precise clarification for specific conditions, or initiate as a matter of convention. The current security controls fail to generally address certain aspects of IT or data security, leaving non-IT information assets susceptible. At times business stability planning and physical security may be controlled separately of IT and information security, while Human Resources function fails to distinguish the need to identify and allocate roles information security and duties all over the organization(Arnason, 2008).
It is important to examine information security risks, identifying threats, vulnerabilities, and impacts in the organization. This is followed by designing and implementing comprehensive information security control suites. Then acquiring management procedure so that information security control continually meet organizational needs.
Recommendations
After implementation Information Security Management System, there is need to extend the ISMS to envelop the broader organization. This involves additional business operations, departments, or new venues like satellite offices. So as to guarantee effective and successful addition into your ISMS there is need to consider things such as; Assessing threats and vulnerabilities in the ISMS, training staff and monitoring events and operations (Caballero, 2009).
Reference
Arnason, S. T. & Willet, K. D. (2008). How to achieve 27001 certification: An example of applied compliance management. Boca Raton, FL: Auerbach Publications. ISBN: 9780849336485
Caballero, Albert. (2009). “14”. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 232
