Custom «ITM» Essay Paper Sample

Basically, ITM is an acronym of the word Information Technology Management. It is an overall word that in broader terms covers our information and security systems. To add on that, it also deals with the management of information and security, just as it the acronym of the word states. Thus it can be stated that the information security management standards are among the widely used systems of providing security in organizations. This is most common in large organizations with so many departments.

These management security systems are widely used; for instance in many large organizations and thus they focus mainly on the information that currently exists. Some of these standards that are used are such like the BS7799, GAISP among others. On the other hand, these information security systems used in managements have their own major limitation. In this case, they are considered to be irrelevant to some extent such that they fail to give clear advice on how these security processes can be put into real practice.

These standards have the main purpose in organizations and this is to improve security other than to subvert it. Thus while put into pure and good practice; and without neglecting their limitations, they can help curb the vices within an organization when it comes to matters regarding security. The security standards might help in preventing unauthorized access in a company's secrecy. Security can also be addressed through its legality. With this we are simply referring to how the law is related the security by itself. Thus it can be referred to as the misconception that a certain party will not pursue a planned attack on some organization system for doing so is considered to be a legal offence. Thus preventive measures can be developed t o help curb such behaviors and the criminals are to be subjected to harsh punishments

When we talk about legislation, we simply refer to rules and regulations that guide a particular organization for the purpose of attaining a certain objective. For instance, piracy is an illegal act. Piracy was established just for the sake of making quick money. It can thus be described as the act of selling counterfeit materials for the purpose of making quick money. It is can also be defined as the infringement of a holder's copyright exclusive rights. Piracy can be experienced in many occasions. DVD copyright protection depended on the ability of the pirates to copy and blend the DVD's content but thus with the invention of a standard security system, helped to curb this malicious act. The Advanced Access Content System was created and it only allows authorized content to be created. It discards the unauthorized creation of such DVD copies as this is an act of piracy. Self-protecting Digital Content is another security system which works hand in hand with the Advanced Access Content System. This was in the early ninety's when this act was taking its roots.

The rules and regulations also have their own effects on information security such that they affect the way an organization operates. Risks such as attacks can be as a result of these rules and regulations. Some of the other main security standards that are used in our organizations today include the GLBA, HIPAA, and Sarbanes-Oxley among other standards. They help provide the organization with the standard they require. The law thus plays a very vital role when it comes to these security standards. It has gone an extra mile to give the entire industrialized world's an ability to prosecute the criminals who are involved in such malicious acts. Even though the law plays its role as so, the system designers on the other hand should not just sit there comfortable with the knowledge that everything is well; they should instead take steps towards preventing any attacks which might tend to rise against the system.

In our case of study, being a CSO of a certain company, you have to ensure that you have created rules and regulations such that your working mates could be able to read, understand and implement them. These rules will help in the smooth running of the company without conflicts that might tend to arise. Creating such rules and regulations is not something that should be done by an individual; it should rather be done by a group of senior members in the management. With these a broader view of knowledge as regards the creation of the rules and regulations will be given by minority. This simply means that each and every member of the senior management staff will be expected to give a point in relation to the subject of study; in our case, the creation of rules and regulations.

Issues such as the company's security, office etiquette among others should be the ones mentioned at most while discussing the rules and regulations to be created. Once this is done, the company is expected to put the rules and regulation in the company's notice board such that each worker is able to read and understand. Rules and regulations are of great importance as they not only guide the company on its way forward, but they also ensure behavior of the workers is maintained and this will create a good image of the company.

Lastly, another instance was in the United States of America where an act was created to help curb a certain behavior which was at its rise. This is where internet was misused. Pornographic content was at its high stake where even messages and imaged were shared through emails. This is when President Bush created the CAN-SPAM act in 2003 with an aim of helping stop this act. It can be concluded that rules are important for any organization to progress.