Information Security - Report Example

Summary
This paper 'Information Security' tells that Dhillon & Backhouse stated that personal information amasses a lot of confidential information about personal interests, thoughts, education, interests, and financial status. A lot of this information is collected, processed, and stored in home-based computers, laptops, smartphones…

Extract of sample "Information Security"

Information Security

Dhillon & Backhouse (2000) stated that personal information amasses a lot of confidential information about personal interests, thoughts, education and financial status. A lot of this information is collected, processed and stored in home-based computers, laptops, smartphones, tablets and notepads. The information is also transmitted via networks to other electronic devices. Personal information security is vital to ensure the privacy of secret information and documents.

Organizational information requires a lot of protection from competitors and hackers. This helps to avoid losses and damage to organizational reputation. Defending organizational information is an organizational, ethical and legal requirement. It ensures protection of organizational information about customers, employees, products, research and financial documents. The regulation of information security has in recent years increased and improved drastically. The legality and security installations have been improved in organizations in an attempt to maintain information security. Information security is the (Dhillon & Backhouse 2000)

Information security needs to observe different principles. Such principles include confidentiality, integrity and availability of information. An organization requires security to ensure accountability as well as a risk management strategy. Information security data requires maintenance, accuracy, consistency and assurance of information (Whitman 2003). As a result, the information is supposed to remain unmodified by unknown or unauthorized individuals. The information should also be readily available so as to assist in its functions. Consequently, the security controls and communication channels of the information must be functional. This ensures transparency and non-repudiation within an organization.

As a result, the need for security of information in an organization is very crucial, and the process of risk management is continuous and vital in an organization (Peltier 2005). This is because the risks and vulnerabilities of information in an organization keep evolving. The control of risks is thus subject to change to ensure the cost, production, measure and efficiency of protected data.

To ensure information security, a risk evaluation process is carried out. The process starts with a risk assessment, which is done by a group of knowledgeable personnel. The assessment uses quantitative and qualitative analysis of available information (Peltier 2005). The assessment should identify assets such as software, hardware and data within an organization and estimate their value. It should in addition assess threats that originate from within and outside the organization. It should also assess the different threats and determine the prospect that each can be dealt with.

An independent and professional information security evaluation of an organization can be conducted. The evaluation should be subjective and independent. The evaluation needs to make certain that the actual information security operations are in compliance with administrative security policies. This ultimately benefits the review of the viability and efficiency of the concrete organizational operations.

The evaluation process involves the organization's employees (Whitman 2003). It especially involves employees involved with information facilities, as well as information system managers, providers, users, maintainers and data owners.
The evaluation should ensure that employees constantly and effectively follow the security regulations and policies set by the government and the organization. The evaluation of employees also identifies the roles of information security staff in maintaining, protecting and effecting information security in an organization.

A team of experienced and qualified engineers conducts the evaluation of the security of organization systems. The inspection can be done either manually or automatically using software to establish technical hitches and produce evaluation reports for analysis. The information operation system also requires constant and regular evaluation of the different operating systems. These systems include the operating system, hardware, and network operating and database management. The evaluation conducted needs to confirm that hardware and software are working properly and are up to standard. The evaluation also ensures that the operating systems are in compliance with security policies and regulations (Peltier 2005). Evaluation procedures should also assess the policies, training, security, physical standards, technical security and quality control.

The organization should then calculate the impact that each threat has on different assets (Peltier 2005). It should then use qualitative or quantitative analysis to identify, select and implement appropriate control measures. An evaluation of the effectiveness of the control measures should also be undertaken before provision of the required cost-effective protection without any loss in production.

The organization should ensure authenticity (Hong et al 2003). The information transactions and details in an organization should be constantly validated to ensure that they are genuine. The stakeholders involved should be authenticated to confirm they are genuine.
The authentication can be validated by use of such features as passwords and digital signatures, which verify that data is accessed by specified persons and that data is sent by authorized persons (Hong et al 2003). This helps in risk management and avoids damage or distortion of information.

Whitman (2003) stated that an organization needs to obey the non-repudiation law. This means that the organization validates one's intention in implementing the obligations set out in a contract. This helps to ensure that any given party cannot deny that it indeed transacted or received some data or conducted a transaction in an organization.

Security evaluation is a process of assessing and measuring the threats and vulnerabilities in an organization and taking security measures. This promotes and enhances achievement of the goals and objectives of an organization (Hong et al 2003). The process is continuous within an organization and must be conducted regularly. This is because the environment, technology and innovation in an organization keep evolving drastically. The software, hardware and backups need to be inspected regularly to ensure security of information.

Control measures refer to the act of taking charge and responsibility before a risk occurs. It is a risk management practice that aims at protecting information in an organization. The control measures need proper, careful and selective choice depending on the risk and threat involved (Peltier 2005). Security control therefore aims at protecting the integrity, availability and confidentiality of information.

The administrative control measures refer to the written procedures, policies, guidelines and standards (Peltier 2005). They form a basis for managing information among employees and stakeholders in an organization.
Organizations and governments formulate these policies and regulations in an effort to ensure information security. Such policies may include hiring policies, corporate security policies and password policies. These policies form the framework for selection and implementation of administrative information control measures.

Information security is often faced with numerous challenges and limitations. One such challenge is that it is difficult to establish and predict threats and vulnerabilities in the organization's operating systems. Information security threats and vulnerabilities are not easily and quickly detectable. Some threats are also not manually detectable. Hong et al (2003) recommend that they require sophisticated and modernized software to ensure high-quality information safety. A good example is mass information that is distorted or tampered with. It may not be easy to detect the distortions manually unless an employee is tasked with reading the data. Even in such an event, an employee is not able to detect the distortions if they are not conversant with the original documents. The findings of this research recommend that software be developed that can identify any distortion of data, to prevent hacking and counterfeit data that may bring loss and ruin an organization's reputation.

The findings of this research indicate that information security policies are approached by trial and error and are often challenged by the operation system users. Instead of policies being regularly and constantly formulated and updated, policies are reviewed after a very long time (Dhillon & Backhouse 2000). As a result, the policies established are sometimes overtaken by time and technology, thus reducing information security. The policies formulated by a company and government should therefore be constantly reviewed to fit the global changes of technology and innovation.
This will also ensure easy validation of information in an organization to prevent gross loss.

However, as Dhillon & Backhouse (2000) observe, information security has endured a lot of innovation and transformation. These innovations have helped in curbing threats and vulnerabilities in an organization. The creation of awareness and training of members of the public has helped to prepare the public psychologically and mentally for fake information from different sources and organizations. For example, the public is made aware in advance, by use of other methods of communication, of a company's progress, plans and promotions. Information security targets the prevention of conning, hacking and damage to an organization's reputation. The development and use of specific code numbers also helps the public to identify and counter fake data. These developments, innovations and the creation of awareness through teaching and training have helped increase information security (Gordon & Loeb 2002). It is therefore recommended that organizations identify and incorporate other methods of communication to ensure that the public, and especially the customers, get genuine and original data.

The development of information security policies has in addition helped to safeguard information. Policies ensure that the authenticity of data is specified and identified. The use of such policies as passwords and digital signatures ensures that access to certain information is more elaborate and safeguarded. This is because only authorized persons have access to the passwords or signatures used in the technology. This helps to prevent damage and loss of organizational information. According to Dhillon & Backhouse (2000), constant reviews of backups and software of information operations also help to ensure that data is not lost in an organization. The information backups are tested constantly to detect threats and damage to information.
This helps to ensure that the customers and other stakeholders receive the appropriate information, thus safeguarding and promoting an organization's reputation and products.

Economic and global changes have enhanced the role of information security (Gordon & Loeb 2002). Organizations therefore have to develop and safeguard their data. Innovation in information security measures in an organization is essential in improving the methods and means of information storage and recovery of data, as well as safeguarding organizational data from hackers and competitors who may damage or distort organizational data to create competitive advantage. Organizations should therefore monitor their data by adopting recent and enhanced information security technology to increase data security and enhance production while reducing competitive advantage.

Information security is perceived as the practice of protecting data from unauthorized persons. It helps to ensure privacy of personal or organizational information. This privacy is important in safeguarding a product and discovery in an organization. It also helps to safeguard the promotion and marketing of products. It is therefore vital to protect an organization's data to ensure genuine and accurate data is received. Consequently, information security will enhance marketing, promotion and productivity, thus increasing profitability in an organization.

References

Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), 438-457.

Denning, D. E. R. (1999). Information warfare and security (Vol. 4). Reading, MA: Addison-Wesley.

Anderson, R. (2001, December). Why information security is hard: an economic perspective. In Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual (pp. 358-365). IEEE.

Dhillon, G., & Backhouse, J. (2000). Technical opinion: Information system security management in the new millennium. Communications of the ACM, 43(7), 125-128.

Jain, A. K., Ross, A., & Pankanti, S. (2006). Biometrics: a tool for information security. Information Forensics and Security, IEEE Transactions on, 1(2), 125-143.

Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.

Peltier, T. R. (2005). Information security risk analysis. CRC Press.

Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system theory of information security management. Information Management & Computer Security, 11(5), 243-248.

Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799-2816.

(Information Security Report Example | Topics and Well Written Essays - 1750 words, n.d.)
Information Security Report Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/2063763-information-security-evaluation-assignment