The present essay, entitled "Controls for Information Security", concerns the way of controlling information security. According to Romney, information security affects information systems reliability by ensuring that malicious threats do not cause downtime…
Extract of sample "Controls for Information Security"
The combination of preventive, detective and corrective controls is suitable for the security of an organization’s information system because the multiple control layers work together to avoid a single point of failure. The detective controls comprise log analysis, intrusion detection systems and constant monitoring of the system (Romney et al., 2012). Similarly, the preventive mechanism identifies the probability of an attack and initiates control measures, such as IT solutions, physical security or change of controls and management. The preventive control functions towards identifying and blocking the malicious risk. It involves the observation of safe computing practices that hinder unwarranted access by others. After the prevention measures, the corrective controls ensure that the affected data can be restored to usefulness. Considering this, the combination of the detective, preventive and corrective controls works through the entire system by recognizing threats both internally and externally. Controls must always be in place in an organizational system since they protect against the deletion, copying or transfer of data. This implies that controls also secure data that might otherwise reach the hands of unauthorized parties. It is essential to install all the control strategies that function together towards achieving the organizational performance (Romney et al., 2012). This is because it is then easy to thwart fraud cases that might involve the fabrication of data to suit the cybercriminals.
(“Controls for Information Security Essay Example | Topics and Well Written Essays - 500 words”, n.d.)
Controls for Information Security Essay Example | Topics and Well Written Essays - 500 words. Retrieved from https://studentshare.org/finance-accounting/1701259-controls-for-information-security
...to recognize the identification of the user, which results in creating hazardous problems for the network. Access Types: Access types are the mechanisms used to access information from the network. We can access the information from the network using personal computers and laptops. WPA is an abbreviation for Wi-Fi Protected Access. WPA provides security to the information that is sent over the network. WPA makes use of authentication, which allows only permitted computers to access the information from the network. Authorization: Authorization refers to the concept of access control. Authorization basically provides security to the...
...Information Security. Following the anti-virus update from McAfee that affected computers running Windows XP internationally, the company made an official announcement, contending that a very small percentage of their clients had been affected. The apology was initially given by a spokesman for the company, and it was he who claimed that less than 0.5% of their clients had been affected by the erroneous update (Harkins, 2013). This was the wrong person to have come out with such an apology, and it seemed that McAfee realized it. The next morning, Barry McPherson, their EVP, released a statement that was well phrased, but still unapologetic. Again,...
...Information Security: Balance and Management. Introduction: Determining an appropriate level of information security is often complicated by the fact that different professionals, be they general managers or IT specialists, often perceive security needs through a different set of priorities. Security specialists often see complexity and increasingly secure systems as a desirable business practice (Angus, 2007; Miller, 2005) whereas general managers are more likely to view information security practices within a larger business context. The objective data demonstrates a couple of points quite clearly. First, as noted by Angus, the organizations that decide to implement the strictest types of security are often much less secure than...
...Operations security and production control Operations security (OPSEC) is a method that is used to measure and improve the quality of any process to be undertaken. “OPSEC focuses on identifying and protecting information that might provide a competitor or adversary with clues to our plans or capabilities, and thereby enable the competitor or adversary to thwart a planned operation or activity.” (Operations Security (OPSEC)). Operations security involves a critical analysis of the process or activity from the competitors’ point of view. In this process, the security personnel steps into the shoes of the adversary to...
...Operations security and production controls The organization that I work for has well defined rules to regulate operational security and production controls. Each rule is well defined and the system ensures that each rule is well audited by the superseding rule. (M. E. Kabay and Myles Walsh). The concept of security should encompass both the concepts of physical as well as intangible materials like information which can be orally compromised.
The operational security in the firm is maintained by both uniformed personnel members of the staff who are directly associated with ongoing projects. From the security perspective, operations can be divided into tangible and operational security measures. Tangible security aspects involve... and...
...for ensuring the safety, privacy and confidentiality of information. Network security is a vital component in ensuring enterprise security. Network architecture, software and policies, VPNs, device management, network prevention and intrusion detection, wireless security, etc. are some of the elements which should be controlled properly to ensure network safety.
Nagarajan (n.d) has mentioned 9 principles or approaches for organizations to ensure the safety of their information. In his opinion, reviewing the principles given below will help an organization to formulate strategies for the information protection....
...of the transportable devices that are being used and also confirm that the employees are appropriately skilled (Ico, n.d.).
The implementation of e-business is now possible for organizations to access the data in case of catastrophic events such as fire (Butler, 2001). The security procedures of the information system also offer significant inputs in handling the information technology systems (Kissel et al., 2008).
Enhancing the Information Security
However, the organization can implement effective systems of information technology in the form of software that would be tailor-made according to the requirements of the organization and...
...Kerberos System. Kerberos is an authentication system or protocol created or developed by Massachusetts Institute of Technology (MIT) and adopted by most operating systems today. A basic knowledge of Kerberos is required to determine its usefulness in access control mechanisms provided by the operating system. The Kerberos authentication process depends on certain formatted information or data packets referred to as tickets. The tickets are very vital in that they go via the networks rather than passwords. Conveying tickets rather than passwords makes the process of authentication resistant to threats or attacks that can intercept the network traffic (Brenner, 2008).
In the Kerberos milieu,...
..., detect and correct security weakness (www.sans.org c, nd)
7. Malware defense – control the spread of malicious code at multiple points. This would include rapid update of malware defense, data gathering and corrective action (www.sans.org b, nd).
8. Data protection – must have tools that will prevent data exfiltration to preserve the integrity of critical data.
9. Data recovery capability – system must properly back up critical data and must have capability to recover it in the event of attack and/or loss.
10. Continuous vulnerability assessment and remediation – continuous evaluation of new information to identify vulnerabilities that would minimize if not totally eliminate...
Implementation of Access control
Internal Revenue Service (IRS) developed a documented access control policy that addressed the purpose, roles, responsibilities, management commitment, coordination among organizational entities, and compliance with all rules and regulations.
We also developed and documented procedures to facilitate the implementation of the access control policy and associated access controls including risk management.
These procedures and rules will be reviewed and updated at a specified period of time.
Account management is a control within the Access control family. It is denoted by identifier AC-2: This control enables the organization to manage information systems accounts including identi...