America Civil Aviation Authority - Essay Example

America Civil Aviation Authority Abstract The paper presents more detail on America Civil Aviation Authority as the chosen enterprise. It elaborates on the IT requirements of the company including the company’s assurance and security plan not excluding the policies, procedures and technologies used to protect the company. It also shows the company’s organizational infrastructure. Introduction CIO Strategy I’m the Chief Information Officer (CIO) of the America Civil Aviation Authority which is an air-services regulatory company with employee strength of 500 and an additional IT workgroup of 10 people. The authority is housed within the America Airports Authority (AAA) head office. It is around 18km from the city centre and about 20-25 minutes ride depending on the traffic. The authority’s broad key functions are to regulate the aviation industry in America, to provide air navigational services within America’s Flight Information Region (FIR) and to offer training for aviation personnel. The company provides an air transport reimbursement facility to those employees who incur expenditures in flight ticketing, which means that the expenditure incurred by employees in air ticketing is compensated by the company. The process described above has been automated by a system and some IT infrastructural resources and assets that depend on IT for a complete transaction or operation. The average users of the system include the staff, the IT administrators and the finance employees. The staff members require the following IT requirements: a computer networked with the organization’s server in the server room. The computer should be able to remotely connect to the server in the server room in order to access the system remotely. The server is able to identify the users with specific IP addresses. The server then filters the addresses and initiates an access control procedure. Access to the system is controlled on the basis of the users’ IP addresses. Once the server identifies the IP address, it displays the appropriate interface to the user. The IT administrators are the technical users of the system. They handle all processing of applications by other staff members. They also ensure that the system is available to all users 24 hours a day 7 days in a week. The finance staff members, on the other hand, only verify the identification of the employees who are to be compensated. The reporting structure of the organization and the senior IT group are as shown below: ACAA Infrastructure The following diagram shows the organizational structure of the America Civil Aviation Authority starting from the chief information officer (CIO) to the other departments within the organization. It is one of my duties as the CIO of ACAA to protect all the information regarding ACAA as an organization as well as an enterprise. All the ACAA IT functions are overseen by me. In addition, I also ensure ACAA data integrity is protected. Given that ACAA treats IT as an organizational asset, it is my duty therefore, to make sure that IT is perfectly aligned with the ACAA business goals. Such duties as the establishment of technical service centers, data centers, scheduling production, communication networks, the development of computer programs and employee training are tasked to me. I am privileged with the ability to make and take strategic decisions regarding IT given the availability of large amount of information associated with my position. I, however, work closely with the executive management, CEO, stakeholders and Board of Directors in the decision making process. It is my duty to ensure that complete and accurate data are obtained by both the ACAA internal and external customers in a timely manner. This is achieved through research and implementation of the latest developments, technologies and trends. I make sure my IT staff is innovative in order to be able to convert the organization’s opportunities to its strength. Disaster Recovery and Business Continuity planning are critical services in ACAA that entirely depend on IT. It is therefore my responsibility to make sure such plans are in place in order to be able to handle future attacks and threats such as hackers, disasters, identity theft, viruses and phishing that pose threat to the continuity of ACAA as an enterprise and mostly as an organization. With the help of my staff in the IT department, I provide technical support to ACAA computer users, such as new hardware and software installation, repairing hardware, trouble shooting and training ACAA employees on new software usage. Administrational duties such as installation and maintenance of ACAA network are tasked to me in addition to ensuring that the ACAA employees are able to communicate with ease over the organization’s intranet and Internet. The staff under my department has the responsibility of developing new computer programs that are specific to ACAA as well as maintaining the existing ones. ACAA IT Requirements The following are the IT requirements for the enterprise: A computer is networked with the organization’s server in the server room. The computer should be able to remotely connect to the server in the server room in order to access the system remotely. The server is able to identify the users with specific IP addresses. The server then filters the addresses and initiates an access control procedure. Access to the system is controlled on the basis of the users’ IP addresses. Once the server identifies the IP address, it displays the appropriate interface to the user. The diagram shows the connection of the assets and resources The above structure is made simpler by implementation of a domain system. The domain system connects different client computers to a central server at the server room. It is easier to manage several computers from a single domain as compared to reaching out to individual users. ACAA security assurance plan In an effort to protect the valuable information assets of the America Civil Aviation Authority, I, as the CIO together with my peers, devised a number of security policies. These policies help the ACAA organization set procedures and practices in place in order to minimize the chances of an attack (Whitman and Mattord 14). The America Civil Aviation Authority security assurance is realized using the following metrics: Integrity This is the ability to ensure that information being displayed by the system or being transmitted or received over the Internet has not been altered in any way by an unauthorized party. Integrity ensures that the value and state of data and information are maintained and protected from an authorized modification. The users and possible customers of ACAA can question message integrity if the contents are suspicious and out of character for the person who sent it. The system administrators must deal with the issues of integrity when determining who should have authorization to change data. The more people with authority to change data, the greater the threat to integrity both outside and inside (Whitman and Mattord 14). The ACAA system ensures message integrity by use of cryptography and access control matrix. Cryptography means secret writing in a way only the intended recipient can understand; data is coded in a way that only the intended user is able to decrypt the encrypted information in order to retrieve the intended message. This ensures information security in that it prevents such attacks as man-in-the-middle from intercepting and decoding the information intended for others. Access Control Matrix is limiting access to the system on the basis of authorization and verification of the identity of the user. Cryptography and access control matrix ensure data and information integrity since they see to it that the four essential factors of ACAA information and data such as completeness, timeliness, accuracy and validity are put in place (Whitman and Mattord 14). In other words, the ACAA system enables the information circulated within and outside the organization is complete, in time, valid and accurate. Given the fact that only correct information has value, ACAA ensures data and information integrity through the use of such security measures on information as controlling the access to certain, often sensitive information, besides data and information encryption. The organization does its best to ensure the circulation of data and information among its customers, users and staff is trustworthy, thus assuring its customers and stakeholders of the information integrity. Confidentiality This is to ensure that messages and data are available only to the intended recipients. To ensure confidentiality, the CIO implements a public key cryptography which is obtained from a trusted certificate authority. This system ensures confidentiality by encrypting the messages sent with the recipient’s public key which is issued by a certificate authority and the message will later be decrypted by the recipient’s private key which is only known by the recipient. Confidentiality is achieved in the sense that only the intended recipient receives the message. Privacy This is the ability to control the use of information a user provides about him/her to the system as stated by Jones. In order to ensure privacy within ACAA, I, as the CIO, have ensured that there are two concerns for the system administrator: establishment of internal policies in the handling and use of the user information and protection of the information from illegitimate or unauthorized use (Jones 1-2). Non-Repudiation According to Jones, non-repudiation is the ability to ensure that users of the system do not deny their online actions. For example, free E-mail accounts make it easy to post comments or send messages and later deny doing so (1-2). Non-repudiation is controlled by the use of an arbitrator within the system. An arbitrator is a component of the system which handles denial actions. Public key cryptography can also be used to prevent non-repudiation. Accountability This is the ability to identify the person a customer is dealing with on the Internet or the person is not using a false identity. This system ensures accountability by appending a digital signature on confidential messages before sending them through the system. A digital signature is a private key only known to the sender of the message and is used to sign confidential messages in order to verify that the communicating party is indeed who he claims to be (Jones 1-2). To achieve accountability and authentication, the recipient decrypts the message using the sender’s public key, hence accountability is achieved (Jones 12). Survivability ACAA system ensures survivability through risk management mechanisms and contingency planning through computer security which ensures that right information is delivered to its users at the right time. It is a core factor in ensuring a timely completion of the company’s mission. The system has computer information security measures and risk management plans in place, such as data backups that ensure the security to highly distributed information services and assets in order to maintain and sustain missions which are critical to the organization. Works Cited Jones, Amritw. "Information Survivability vs. Information Security Amrit Williams Blog." Amrit Williams Blog. N.p., n.d. Web. 6 May 2012. . Top of Form Vacca, John R. Computer and Information Security Handbook. Amsterdam: Elsevier, 2009. Print. Whitman, Michael E., and Herbert J. Mattord. Readings and Cases in Information Security: Law and Ethics. Boston, MA: Course Technology, Cengage Learning, 2011. Print. Top of Form Bottom of Form Bottom of Form Read More