Information Security Essay


  • University/College:
    University of California

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 342

  • Pages: 1

Information Security

•What is the difference between a threat agent and a threat? Threat and threat agent are on page 11.

•What is the difference between vulnerability and exposure? Exposure page 10. Vulnerability page 11.

•How has the definition of “hack” evolved over the last 30 years?

•What type of security was dominant in the early years of computing? Secure physical locations, hardware, and software from threats. Means of badges, keys, and facial recognition by security guards.

•What are the three components of the C.I.A. triangle? What are they used for? Confidentiality, integrity, availability.

Confidentiality page 13. Integrity page 13 (bottom) and 14. Availability page 12.

•Among the five components of an information system, which are most directly affected by the study of computer security? People, I believe.

•What paper is the foundation of all subsequent studies of computer security? It began with Rand Report R-609, sponsored by the Department of Defense, which attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system. Page 5 and 6 for more on Rand.

•Who is involved in the security development life cycle? Who leads the process? Senior executive: Champion leads the process.
Page 30 shows all of them.

•Who is ultimately responsible for the security of information in the organization? Chief information security officer page 29 at bottom

•What is the relationship between the MULTICS project and early development of computer security?

•What was important about Rand Report R-609?

•Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing these wishes are carried out?

•Who should lead a security team? Should the approach to security be more managerial or technical?


Information security Essay


  • University/College:
    University of Chicago

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 1189

  • Pages: 5

Information security

Most organizations today are adopting and integrating technologies in their production with the aim of improving production, efficiency, profitability and competitive advantage in the market. This has been accelerated by increasing globalization and the innovation of new technologies, which pose a major competitive threat to many organizations. The formulation of environmental standards, as well as increased expectations on the standards and quality of goods and services from both the government and customers, has also necessitated the adoption of new technologies to ensure these are met.

New technologies in use today, such as Web 2.0, the new internet and wireless technologies, have led to increased efficiency as well as increased productivity for most organizations. However, despite the advantages which accrue from the introduction and use of new technologies in organizations, they pose major security threats to an organization. Data hijack by criminals as well as terrorism threats are some of the challenges that organizations are facing during new technology implementation processes (Bazelon, Choi & Canady, 2006).

Security issues in regard to new technologies implementation in an organization

Security is a top concern for most businesses since it may lead to destruction of a company’s reputation, thus affecting the competitiveness of an entity. With increased globalization and increased terrorist threats, security risks have increased, posing a major threat to most organizations. One of the major threats that companies face while implementing information technologies is the risk of losing, or failing to protect, sensitive data.

Information technologies, especially via the internet and other wireless technologies, are accessible globally, which poses a major threat to an organization. Organizations hold private and sensitive information regarding their employees, production processes and marketing strategies which is vital for competitive advantage. However, with technology implementation and the dynamism in technology, such data may be accessed by unauthorized individuals, causing a business great harm in terms of profitability. This also puts the employees as well as the organization’s customers at risk of fraudulent activities via technologies.

Information security experts insist that, just as information networks cross borders with no regard for provincial and national boundaries, security vulnerabilities and threats cross them in the same way, necessitating greater and sterner security measures to ensure that the threats are minimized (Hinojosa, 2005). Another threat that organizations are facing is terrorist attacks and threats. Currently, there are many terrorist groups which operate globally, and they employ high technologies to carry out their tasks and to harass businesses and employees as well as customers.

An increase in global terrorist organizations that are connected via the new technologies poses a major security threat to most organizations in the world. Terrorists may be interested not only in soliciting the financial and production processes of an organization, but also in its structural and day-to-day activities, with the aim of identifying weak areas or points which could be used to attack the organization. This is made possible by new technologies which enable them to tamper with the security measures taken by an organization to ensure that it is protected (Sussman, 2008).

Phishing and data mining are another information security risk faced by organizations during the implementation of technologies. Phishing refers to the unauthorized use of personal information of another person which is obtained through networks. It also involves alteration of an individual’s computer software with the aim of obtaining the computer owner’s personal information by unscrupulous individuals, for the purposes of defrauding the person or harming their reputation or career.

With the implementation of new technologies in an organization, the entity is enabled to sell its goods and services online, and all the transactions are carried out without having to meet the customer or the client. While making the payments, a client gives his or her private financial data depending on the mode of payment which he or she uses. Computer criminals have a way of tampering with or gaining access to such information, which they can manipulate to make purchases while pretending to be the clients.

The business thus faces a risk of being sued by a client on such grounds and for lack of adequate protection measures. This has increased the cost of implementing technology, especially with different cases of security breach being reported today. Organizations are supposed to ensure that the private information of their clients and employees is well protected and that their privacy is upheld despite the cost this may involve (Ena, 2008). Risk of loss of important documents by an organization has also been a major security issue while implementing information technology.

Apart from the risk of terrorist threats and phishing, an organization also faces the risk of losing vital information through dangerous programs such as viruses, which are transmitted via the internet and other networks. If such programs find their way to the computers and other technologies in a company, the company risks losing most of its vital information as these programs corrupt the whole network system in an area. This could be dangerous for an organization as it may lead to reduced productivity, increased costs and reduced earnings (Blankespoor, 2005).

With awareness of information security threats increasing in the world, the attackers have changed their tactics, posing an even greater threat to an organization. Most of the attackers are usually professional information technologists who invent new methods of accessing data from an organization despite the security measures taken. As mentioned earlier, technology is changing at a very high speed and so are the security threats to an organization. The dynamism of technology is a risk which costs organizations heavily as they try to keep pace with it.

While implementing new technologies, organizations are also faced with the problem of testing the validity of the technology. Most of the cases involving a security breach end up being the organization’s problem. IT companies exonerate themselves by arguing that a lack of adequate security policies in an organization is the major cause of any cost that the organization may incur (Wallace, Lusthaus & Kim, 2005).

Conclusion

Information technology is a major strategy that has enabled most businesses to perform well in terms of growth and expansion.

New technologies have been in high demand in the recent past, especially as most organizations go global, which necessitates networking. Technology improves the efficiency, effectiveness and overall productivity of an entity. However, it poses major threats to the privacy of a company as well as its clients and employees. Stern security measures should be taken to ensure that technology implementation in an organization does not turn out to be more costly. This can be done through the formulation of technology security policies and procedures to ensure privacy is upheld.


Information security Essay


  • University/College:
    University of Chicago

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 900

  • Pages: 4

Information security

The secrets of an organization are protected from competitors. Information vital to a business is protected from competitors by establishing a strong system of internal controls. Protecting the information relating to the operations of a business reduces losses to the business. Poor information security practices can create a lot of costs for the business through data recovery costs, loss of competitive advantage, cost of investigations, and others. The business builds confidence among the stakeholders when it protects its information.

The use of technology has increased many risks to the protection of a business’s information. Organizations provide their employees with guidelines to be followed to protect the information of the business (Chan, Woon & Kankanhalli, n.d.).

Issues relating to information security

Many businesses have trade secrets which need to be protected from their competitors. If the trade secrets are stolen, the business may incur losses in terms of competitive disadvantages in the marketplace. The increase in competition in global business has increased the need to protect information which may be used to out-compete a business.

International law protects the copyrights of each business and gives the authors of original information the exclusive right to use the information. The long-term survival of the business in the market depends on the ability to withhold confidential information. Growth and expansion strategies are based on the ability to protect confidential business information. The management should determine which information is important to them and place strict measures to protect it (Chan, Woon & Kankanhalli, n.d.).

The increase in the use of technology has resulted in the exposure of internal information about a business to many risks. Computing technology has created information risks which force the management to introduce systems which ensure the protection of information. “In the recent years, organizations have increased spending on both physical and IT security technologies,” (Chan, Woon & Kankanhalli, n.d., p. 3). However, several security incidents continue to occur despite the implementation of the security technologies.

Internal security issues are caused by employees when they make errors in their operations or deliberately misuse the information of the organization. Most of the external threats an organization encounters are linked to the internal staff (College of Education, n.d.). To protect the information contained in the internet and computers, an organization should use passwords. The passwords should be known to the concerned individuals in the organization and should be changed regularly to ensure safety of the data.

The information should be under the control of a responsible person, and these individuals should be answerable to the management of the organization. Access to confidential information should be allowed to a limited number of employees (College of Education, n.d.). The management should educate its employees about security issues of the data they handle. Some employees may not have knowledge about the confidential information of an organization, and they may expose it to competitors without knowing.

The use of such information should be limited to organizational activities and should be protected against competitors. Employees should be taught how to use passwords to ensure information security. The emails of the company should be provided with strong passwords to ensure no hackers can access information (Tenby, 2002). The government has regulated some businesses and industries which have great influence on the nation by regulating the use of information. The regulations depend on the nature of the institution and its role in the economy.

For example, financial institutions and healthcare companies have been regulated since their contribution to the economy affects many sectors. Laws are established to protect the interests of the organization and to ensure the business environment is conducted in a fair manner (McConnell & Banks). The Sarbanes-Oxley Act was established in 2002 to regulate the protection of businesses as well as improving corporate governance. The Act was introduced to prevent the misuse of corporate information by the professionals especially the auditors, accountants and the managers.

The Sarbanes-Oxley Act of 2002 was created to address the high rate of failure by publicized businesses, restatement of financial statements and the corporate improprieties. The act requires the management to be responsible for ensuring adequate internal control measures are in operation within the organization. The auditors should report about the effectiveness of the internal controls during the annual audit reporting. The management should introduce internal controls which protect the information of the business as well as ensuring the professional activities are implemented successfully (McConnell & Banks).

Conclusion

Information security is of great importance to the business since it prevents competition from other businesses in the market as well as preventing the misuse of information by the employees. Technology has increased the risks associated with the use of information. A large number of frauds committed in the organization are initiated by the internal staff of the organization. The management should provide a system of accountability where the staff should be responsible for the information provided to them. The management should ensure the employees have adequate knowledge about protecting the information of the organization.


Information Security Essay


  • University/College:
    University of Arkansas System

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 914

  • Pages: 4

Information Security

1. What is the difference between a threat agent and a threat?
A threat agent is the facilitator of an attack; however, a threat is a constant danger to an asset.

2. What is the difference between vulnerability and exposure?
The differences are: vulnerability is a fault within the system, such as software package flaws, unlocked doors or an unprotected system port. It leaves things open to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.

3. How is infrastructure protection (assuring the security of utility services) related to information security?
Information security is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. Thus, assuring the security of utility services is a critical element of an information system.

4. What type of security was dominant in the early years of computing?
The type of security that was dominant in the early years of computing was entirely physical security. MULTICS was the first noteworthy operating system to integrate security into its core system.

5. What are the three components of the C.I.A. triangle? What are they used for?
The three components of the C.I.A. triangle are:
Confidentiality: Information should only be accessible to its intended recipients.
Integrity: Information arrives the same as it was sent.
Availability: Information should be available to those authorized to use it.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is still used because it addresses the major concerns with the vulnerability of information systems. It contains three major characteristics, confidentiality, integrity and availability, which are important even today.

7. Describe the critical characteristics of information. How are they used in the study of computer security?
The critical characteristics of information are:
Confidentiality: preventing disclosure to unauthorized individuals
Accuracy: free from errors
Utility: has a value for some purpose
Authenticity: genuine
Possession: ownership

8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
The six components are: software, hardware, data, people, procedures, and network. If there is a flaw or oversight in any category, it could lead to exposure and/or vulnerabilities. The components most associated with the study of information security are hardware and software, when it is viewed as a science, and people, when it is viewed as a social science.

9. What system is the father of almost all modern multiuser systems?
Mainframe computer systems

10. Which paper is the foundation of all subsequent studies of computer security?
The foundation of all subsequent studies of computer security is the Rand Report R-609.

11. Why is the top-down approach to information security superior to the bottom-up approach?
Top-down has strong upper management support, dedicated funding, clear planning and the opportunity to influence the organization’s culture, whereas bottom-up lacks a number of critical features such as participant support and organizational staying power.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A formal methodology ensures a rigorous process and avoids missing steps.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process?

14. How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice?
Information security can be described as an art because there are no hard and fast rules, especially with users and policy. It can also be described as a science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.

15. Who is ultimately responsible for the security of information in the organization?
The Chief Information Security Officer (CISO)

16. What is the relationship between the MULTICS project and the early development of computer security?
It was the first operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX, which did not require the same level of security.

17. How has computer security evolved into modern information security?
In the early days before ARPANET, machines were only physically secured. After ARPANET, it was realized that this was just one component.

18. What was important about Rand Report R-609?
RR609 was the first widely recognized published document to identify the role of management and policy issues in computer security.

19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out?
Control and use of data: data owners are responsible for how and when data will be used; data users work with the data in their daily jobs.

20. Who should lead a security team? Should the approach to security be more managerial or technical?
A project manager with information security technical skills leads the team. The approach to security should be managerial, top-down.


Information Security Essay


  • University/College:
    University of Arkansas System

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 357

  • Pages: 1

Information Security

Information security is a fundamental function of any organization expecting to be competitive in the global market. As more and more developing countries make the leap into capitalism, competitiveness will only become more essential. With Asian nations like China, Korea and India stepping up to make their presence noticed and taking more of the market share than ever before, other organizations must remain competitive, which means keeping their piece of the pie safe and secure. An organization’s proprietary information, if left unsecured, could mean loss of its competitive edge.

In the IndustryWeek.com article “Manufacturers Must Think Virtually to Ensure Data is Protected,” Chris Benco contends: “Data is what all manufacturers rely upon, and with the ever-increasing influx of it, companies need to ensure that it is protected in the event of a natural disaster, human error or other problems. With this heavy reliance on data to maintain day-to-day operations, manufacturers cannot afford to overlook data protection as it is the key in maintaining production, optimizing productivity and guaranteeing profit.”

Information security, though, takes on another aspect when you consider an often overlooked key element of corporate information. We think of information security in terms of protecting what is on paper and in databases, but knowledge is much harder to nail down. Knowledge, the information that is stored in the minds of the organization’s personnel, is just as important as any other data or product information and should be gathered and stored just the same.

As we could see in the reading material for this case assignment, there are many methods for obtaining, sharing, and storing knowledge information. Some such methods were discussed by Ann Field in her article “Locking Up What Your Employees Know”. The steps, according to Ms. Field, are to first create a knowledge profile, then foster mentoring relationships, encourage communities of practice, ensure that passing knowledge on is rewarded, protect people’s privacy, and decide whether you’re interested in recorded knowledge as well.
