StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Issue of Security in an Organization - Coursework Example

Cite this document
Summary
The paper "The Issue of Security in an Organization " highlights that any form of revision that is to be carried out on the policies developed should be done at the management’s discretion also bearing in mind the changes that take place in the I.T. structures and also the technology…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.7% of users find it useful
The Issue of Security in an Organization
Read Text Preview

Extract of sample "The Issue of Security in an Organization"

?First Assignment Security Policies The issue of security in an organization is something that should be treated very carefully. This is particularly because there are a lot of associated repercussions in the event that there is a lapse in a firm’s security policies. As brought out in the case example, IT systems security is seen to be something that can bring about exposure of sensitive company information and also that of some of the employees. At the same time an employee who has been terminated from the firm may feel to a greater extent disgruntled and use the information at his or her disposal very much top the detriment of the firm that has fired him or her. This is something that is very much costly as it has been seen where some clients left the company in question and went to the competing company. In relation to the above case, there is a need of reviewing some of the policies in relation to the employee access to data and the revealing of information to parties that are not associated with the firm. There are some proposed policy changes that might just go a long way in preventing a repeat of the same from happening. Some of these include: 1. Termination or revoking of whatever access tools the terminated employee might be having in relation to the company’s database. 2. Wiping away of all the log files that may be related to the employee who has left the firm. 3. Instituting rules and regulations that have legal implications in the event that there is flaunting of these rules and this is in particular regard to the sensitive nature which information may be characterized. Company records prove to be something that is rather vital for the survival of a particular firm. For this reason there has to be the devising of some policies that will bring about the safeguarding of this information. One of the policies that may be of focus in this case is the development of log files which will enable the administrator to keep track of the employee activities in the system. These files will bring to light what that particular employee has done in the system and what information he or she has accessed. In addition to this it provides tracks such that there will be evidence available when it is needed. Assignment 3 The issue of logging user activities in systems has become something that is of the essence to most organizations that are after the safeguarding of the information which they possess. In this particular case having a deeper understanding of just what logging entails will be something that is rather important in a bid to understanding the importance of the matter. These log files come up in various systems and means of access that may be there to the users of computers. Some may be in relation to the websites which these users access while others may be in relation to the information on the system which these same users access at times. The development and application of the log files will be dependent on the type of environment that the particular user is in. Some of the logfiles may be in the online environment while others are just used in the typical database. The language used in their development will also depend on the language that the environment is founded on. These may be web-based languages such as PHP and HTML while others may be reliant on the database systems such as My SQL. Some of these logging utilities come with the system upon purchase while at the same time there are those that are custom made for the purpose of meeting the specific firm requirements. Of these it is more advantageous to come up with a system that can provide the tracking and warnings or notifications in the event that the set barriers are violated. This is where developing of the logs as opposed to their purchase is of importance. What a person can create a person can also destroy. What this means is the fact that these log files can be bypassed by whoever has a critical knowledge of just how good they work. It will be particularly hard to develop a system that is completely fool proof. Question 4 There are a number of options that an organization may embrace when it comes to the choice of the tools of software to use in the course of its operations. One of these options may be to develop a system in-house, to purchase an already developed system or software or on the other hand the firm may opt to look for software that suits its functionality online. This is actually what is referred to as freeware or shareware. One major motivating reasons for the firms that use shareware is the amount of savings that can be done in the event that the shareware meets the needs of the firm. This is majorly because the softwares that are available are there free for everyone to use, manipulate and at the same time make changes. There are a variety of threats that are exhibited in the computer environment every single time. With this knowledge there have been some tools developed for the purpose of preventing or detecting some of the major potential threats. These are intrusion prevention systems and intrusion detection systems. The choice of tool depends on primary security of the data or or the costs that may be associated with the acquisition of the tools. One major characteristic that these systems possess is the fact that they are network-based. This is majorly because most forms of intrusion do take place in a networked environment. The Honeynet website is particularly important to information security experts in the sense that it provides them with insights on some of the various factors that play a significant role in a network. These include the transfer and protection of data and some of the security features that are to be implemented in a good network. There are various ways through which malicious people on the internet use to carry out their activities. These may include hacking among others. Some of the ways through which these individuals achieve their objectives include the use of attractive software or programs which may end up installing themselves on the computer and thereafter crippling the network services. There are various ways through which access to these programs may be limited. One of the major ways that this can be prevented is through the use of firewalls and other network intrusion detection programs. These may include those that carry out network behavior analysis. Any anomaly in the network information should be highlighted to the Network security manager and at the same time the users should be wary and cautious of the various ways through which network intruders and malicious people can gain access to the computer network or the computer files. Assignment 2: Security policy Introduction The main purpose of this document is to develop an IT policy framework that will be aimed at guiding the employees in their everyday engagement with the computers and the organization network. Its development is for the purpose of the I.T. infrastructure security. Glossary Information Security Officer – This is the person in charge of overseeing the security of information related to IT in the organization. Resource Owner – This is an administrative officer who is the given responsibility of managing specific information within his or her functional area. Scope The scope of this policy applies to all individuals associated with the organization and these include: staff contractors management temporary staff faculty At the same time the policy applies to all resources owned by the organization including information technology hardware and the related software: network systems access card systems other technology hardware personal computers computer integrated telephony Policy Awareness It is the primary responsibility of each and every individual in the organization to familiarize themselves with the polices that have been laid down in relation the I.T. infrastructure in the firm. At the same time there will be adequate communication of these by the organization itself. Access to Equipment It is only those individuals that have privileged access who will be allowed to access the equipment that is being used by the firm. And in this case also the provision of some credentials may be required at some levels. Access to Data Employee credentials will be of the essence when it comes to the access of certain information and at the same time this information will not be readily available to all the employees. Violations Any form of violation of the laid down rules and regulations may lead to legal ramifications not forgetting the probable sacking of the person in question. Revisions Any form of revision that is to be carried out on the policies developed should be done at the management’s discretion also bearing in mind the changes that take place in the I.T. structures and also the technology. References Boyles, Tim (2010). CCNA Security Study Guide: Exam 640-553. John Wiley and Sons. Engin Kirda; Somesh Jha; Davide Balzarotti (2009). Recent Advances in Intrusion Detection: 12th International Symposium, RAID 2009, Saint-Malo, France. Robert C. Newman (2009). Computer Security: Protecting Digital Resources. Jones & Bartlett Learning. Tipton, Harold & Krause, Micki (2007). Information Security Management Handbook. CRC Press. Vacca, John, (2010). Managing Information Security. Syngress Whitman, Michael & Mattord, Herbert (2009). Principles of Information Security. Cengage Learning EMEA. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Coursework Example | Topics and Well Written Essays - 1250 words”, n.d.)
Retrieved from https://studentshare.org/other/1399073-coursework
(Coursework Example | Topics and Well Written Essays - 1250 Words)
https://studentshare.org/other/1399073-coursework.
“Coursework Example | Topics and Well Written Essays - 1250 Words”, n.d. https://studentshare.org/other/1399073-coursework.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Issue of Security in an Organization

The relation between IM, Information Security and HRM

Information, being such an important resource in an organization,.... Information is one the most fundamental resources of an organization, one that needs to be managed like any other resource, like plant, equipment or people.... Human resource department is responsible for managing human capital of an organization.... In the end the paper discusses the need for an accurate measurement system and a continuous improvement policy to ensure the organization is abreast with the dynamic nature of the issue and is prepared to meet newer security concerns....
13 Pages (3250 words) Essay

Network Security Principles

In this scenario, it is essential for an organization to implement strict security policy.... However, if an organization fails to put into practice an effective network security then an attacker or competitor can get access and use the important or secret data and information, probably causing data destruction or damage, or even the entire destruction of the computer network (Kaminsky & Foster, What is Network Security?... As discussed above to deal with network security threats and an organization must implement an effective security policy....
3 Pages (750 words) Essay

Network Security Control

But with this ease of information access comes the issue of security.... Whenever transactions or information between a customer and an organization are being carried out, a particular pattern is followed.... For example, if a customer buys a product of a particular organization through their web-site and a hacker presents himself as the organization and receives the money from the customer, valuable information such as the ID of the customer, his credit card numbers, his passwords are all stolen by the hacker....
6 Pages (1500 words) Essay

Food Insecurity Projects Conducted by the Following Organizations

One of the many responses that it is covering as an international organization is to address the issue of grain prices (Smith and Alderman 178).... Manufacturers and wholesalers are urged to dispose of surplus food by the organization through the food banks present....
12 Pages (3000 words) Research Paper

Human security in the UAE

Additionally, food insecurity in the Arabian countries, struggle over the nuclear program in Iran, and the pulls in Iraq contribute to the poor human security in the UAE (Vallet, 2014).... Unlike older concepts of security that dwell on securing borders from peripheral.... At a bare minimum, the term human security implies freedom from the fear of violence.... National security and human security ought to be, and often are, mutually reinforcing....
4 Pages (1000 words) Essay

Information Security Challenges and Technologies

In this scenario, these issues create the need for organizations to manage information security in a proper and effective manner.... In spite of a number of security initiatives, customers and business organizations are still worried about the security of data and information.... t the present, there have emerged a wide variety of security issues that make information security a real challenge.... In their daily lives, people often face or see this kind of security issue....
6 Pages (1500 words) Coursework

The Security Issues that are Faced by a Particular Organization

The author points out that networking also helps in the sharing of the resources in an organization.... Networking also enables an organization to conduct its operations over the internet.... The paper 'The Security Issues that are Faced by a Particular organization' presents networking which is an important aspect for any organization.... This is because it facilitates communication between the staff of the organization, as well as facilitates the communication of the organization....
8 Pages (2000 words) Case Study

Issues Related to Security Interoperability and Operations

) Failure to identify Recovery Time Objectives, as well as Recovery Point Objectives for the organization's critical business processes and systems in the DRBCP, was still another major issue.... This case study "Issues Related to security Interoperability and Operations" focuses on the issues faced by Banking Solutions Inc, a number of them are related to security, interoperability, and operations.... More importantly, the best IT security controls would be the one giving way to the promotion of objectives as well as measurable progress indicators in aspect like information security, item progress, and operations among others....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us