Question

Information security depends on one's ability to know how to secure an asset using compliance driven directives. This means that there is a need to implement rules and regulations surrounding the protection of important information that, through ownership, carries with it inherent consequences if compromised. Research and discuss the ways in which you might secure such information, and how you would assure a given client that their information would be protected using need-to-know security practices. (PLEASE DONT COPY PREVIOUS RESPONSES. I NEED A NEW ORIGINAL RESPONSE)

Answer 1

The process of protecting information (data) and information systems so that no one can use it in any form without authorized access is called Information security.
Rules and regulations are to be implemented to help companies improve their information security strategy by providing guidelines and best practices based on the company’s type of data they maintain. Non-compliance with these regulations can result in data breach.
The ways or Security Controls to be taken to secure such information are discussed below:
Administrative Controls
1.   Policies, standards, and guidelines should be developed and published.
2.   Screening of personnel.
3.   Security-awareness and compliance session training should be conducted on regular intervals.
4.   Implementing change control procedures.
Technical or Logical Controls
1.   Implementing access control mechanisms.
2.   Password and resource management.
3.   Identification and authentication methods
4.   Security devices and
5.   Configuration of the infrastructure.
Physical Controls
1.   Controlling individual access into the facility and different departments
2.   Locking systems and removing unnecessary drives
3.   Protecting the perimeter of the facility
4.   Monitoring for intrusion and
5.   Environmental controls.

How you would assure a given client that their information would be protected using need-to-know security practices?
Client data is the most precious thing to handle day-to-day. Giving assurance to a client that their data is safe with your organization is the most important thing for your company. To do the same you should:
1.   Clarify to your client that where you keep the data and how it is protected.
2.   Implement Multi-Factor Authentication in the systems.
3.   Increase the audit activity in your company and share the audit reports regularly to your client.