Business Drivers for Developing Information Security Policies

Deepak Maddukuri

University of Cumberlands (Williamsburg, Kentucky)


Abstract

Advancing technology has made things easier to use and brought more comfort to people.
But along with the ease of doing things, it has also brought more risks and security breaches.
In this paper we discuss how to establish an information security policy and its aspects.

Keywords: Security, Software, Policy, etc.


Business Drivers for Developing Information Security Policies

An information security policy depends mainly on the quality of data and software development.
Security policy goes hand in hand with quality. It is like a standard that companies have to
follow to ensure security for their users and employees. It applies to the network, the software
used and the development work in the company. With it, more security can be provided and
maintained for the company as well as for the users of its software.

The quality of information security depends on maintainability, portability, functionality,
reliability, usability, efficiency and compliance (Maynard, 2006). Normally the information
security model is built on the architecture, software and data modelling. The different quality
factors are defined below (Lipner, 2006).

Maintainability: this focuses on the maintenance of the system. It is the effort needed to keep up
the security policy. Depending on the quality standard of the software, its characteristics are
testability, stability, analyzability and changeability (Maynard, 2006).

• Testability is validating the software to check whether any software modification causes any
penalties.
• Stability is staying steady even when a risk materializes. It focuses on the company's overall
security. It can check for and fix any security gaps present in the system.
• Analyzability concentrates on how to recover from catastrophes.
• Changeability concentrates on how the company's plan can be adjusted to the situation and how
adaptable to change it is.

Portability: this focuses on utilizing meta policies. As per ISO 9126, the characteristics of
meta policies are installability, co-existence, adaptability and replaceability.

Functionality: this aspect defines how tasks are performed as per the software product. It focuses
on completeness for better software. The features of this aspect are interoperability,
security, completeness, accuracy and suitability (Maynard, 2006).

Reliability: as per AS/NZS 4216, this aspect focuses on the performance of the software. The
features of this aspect are fault tolerance, recoverability, reliability and maturity (Lipner, 2006).

Usability: this focuses on how effectively resources are used and utilized. Different characteristics
related to this aspect are operability, attractiveness, understandability, usability and learnability.

Efficiency: this term was defined by McCall in 1977 as part of the required methods of information
security policy. It focuses on the effort and cost of implementing and developing the security
policy for an industry or company. This property is based on utilization of resources and behavior
of time (Maynard, 2006).

• Utilization of resources focuses on the number of resources required to do a task in the company.
Training activities are undertaken to make resources more effective at work.
• Behavior of time focuses on the software response time.

Compliance checks whether the software is designed as per government standards. It is as per the
standard ISO 9126 2005. With this policy in place, the company will be following rules as per
the standards, and this can help the company maintain all the aspects with quality (Maynard, 2006).

Basically, for better information security, all the aspects and problems of security and
development have to be taken care of. The different aspects each have a significant role in the
way they are used in the model.

Conclusion

For a company it is very important to assess its security policy and also its eminence. From
our analysis it is clear that quality has more impact on the security life cycle of a company's
security policy. Privacy and security aspects also play an important role; along with these, risk
management, auditing and training have to be taken care of to maintain good security in the
company. A company should always try to make software with more security.

References

Steve Lipner, 2006, The Security Development Lifecycle

S.B. Maynard, 2006, What Makes A Good Information Security Policy: A Preliminary
Framework for Evaluating Security Policy Quality.