Information security is very important to any organization because it protects the organization from intrusion and, in the worst case, helps restore the organization to normal operation after an attack has been leveled against it. Protecting the organization's data is key, as the real value of the company is in its data. Information security for Red Clay Renovations will protect not only its customers' credit card or payment information but also information about its products, product designs, plans, patent applications, and drawings. If Red Clay Renovations fails to protect the company's information, the result will be a breach of the CIA triad (Confidentiality, Integrity, and Availability). This paper analyzes an information security program for Red Clay Renovations and explains why the company should adopt an ISO/IEC 27001 compliant Information Security Program.
ISO/IEC 27001 is a specification for an information security management system (ISMS) that was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS (ISO 27001; 2013). Red Clay Renovations needs to adopt ISO/IEC 27001 because it has a lot of information to protect. Protection needs to cover not only the company's information but also client and third-party vendor information, especially because the company specializes in smart homes and the "Internet of Things". Considering that Red Clay Renovations' information is the company's most important asset, the company definitely needs to implement an Information Security Program and comply with ISO/IEC 27001.
Protection against data loss is key to implementing the Information Security Program for the company, as it deals with a lot of PII. The first thing I would like to stress is customer information, such as medical information, that is used when the company designs and implements a project. The Information Security Program will use "Risk Assessment" to protect customers' data. Risk assessment can also be used to protect employee and company data from threats and vulnerabilities that attackers could exploit.
Implementing an Information Security Program will enable Red Clay Renovations to identify gaps, manage risk, and allocate resources to better protect the company from threats that arise from its employees in the field. The use of VPNs and of company and third-party equipment at a customer site during construction is also key.
Lastly, an Information Security Program will protect the structures put into place as modern technologies like "Smart Homes" and the "Internet of Things" are implemented within a project for customers. Without security for this information, attackers can gather information such as the entry code to a home and use it to break in, putting the customer in harm's way. This would also discredit the company, break its contracts with third-party vendors, and cause the company to lose revenue.
In conclusion, Red Clay Renovations definitely needs to implement an Information Security Program to make sure that it is prepared for the worst. Of course, when implementing this kind of program, Red Clay Renovations needs to consider designated security officers, risk assessments, access control, policies and procedures, system development and maintenance, business continuity management, compliance standards, and a compliance audit plan.
Every company needs to have a security program (2008); The Barking Seal; retrieved from: https://www.appliedtrust.com/resources/security/every-company-needs-to-have-a-security-program
Information Security Program; retrieved from: https://www.optiv.com/information-security-program
ISO 27001; retrieved from: http://whatis.techtarget.com/definition/ISO-27001
ISO/IEC 27001:2005; retrieved from: https://en.wikipedia.org/wiki/ISO/IEC_27001:2005
Shon Harris, Key elements when building an information security program; retrieved from: http://searchsecurity.techtarget.com/tip/Key-elements-when-building-an-information-security-program