Security management: the Network and Information Security Agency Essay

Introduction
Information serves as the key resource for any organization. It is of critical importance for the company welfare to assure the safe progress from the point of its creation and over the course of destruction [1]. The management of integrity, confidentiality, accessibility, and safe destruction is the prime concern of any organization to succeed in the fast paced environment today [2]. In order to assure the safety of the life cycle for their information, organizations prefer to information management systems that can independently be audited and regulates the flow of information thoroughly. For the purpose, organizations seek help from the information security management systems.
The need for the development of such ISMS emerges particularly from the requirement of the Decree in information security in the central government. The organizations are overwhelmed to make their information flow compatible with the ISO/IEC 270012013 standards which necessitate all the certified organizations to maintain the obligations of standard. For the reason, the need for such ISMS becomes obvious.
The Network and Information Security Agency ENISA (2006) has declared that administrators to the information technology security must not expect to invest one-third of time in addressing the technical aspects. It has been confirmed that the remaining two-third of the time must be spent in developing policies, procedures, planning, risk analysis, contingency planning, and promotion of security awareness. Therefore, it is important to concentrate upon the administrative site of the information security management alongside the technical aspects of information security.
This paper tends to review the different pieces of information that have been published since 2000 to describe the different information security domains such as standardization, control, risks, and behaviour. It will review the information and literature conflicts that may help in the development of an information security management system that accepts independent auditing and aligns with the series of initiatives sponsored by ISO.
Literature Review
As demonstrated by Kadam [3], the policies and systems for information security management must be developed based on the key resources owned by organizations. The function of the ISMS rely upon the policies therefore the policies must be ample enough to credibly explain the resources and reasons why the protection for resources is necessary and which individuals owe the duty of this protection. It is important to include the extent of policy that how far it is implemented throughout the company or it only applies for a specific branch or office. Policies must be exempted from specific instructions, but they must appear as a rational corporate document that contain answers to all questions related to information such as how, why, when, where, who, and what.
Once the policies for information security are accepted by the designated board, the organization must then create the ISMS. The scope of ISMS with respect to any organization can be described on a general level in the policy itself. Contrarily, the scope of information security management document must include clear details and instructions for the divisions and operations to which the management system can be applied to.