StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Management Frameworks - Essay Example

Cite this document
Summary
The paper "Information Security Management Frameworks" states that the KDC searches the client’s master key depending on the client's password. The KDC then develops TGT and a session key to share with the client. The TGT incorporates a copy of S.A., time of expiry, and the client name…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.6% of users find it useful
Information Security Management Frameworks
Read Text Preview

Extract of sample "Information Security Management Frameworks"

Comparisons of two Information Security Management Frameworks The purpose of this program plan is to outline an efficient framework that will guide the health care industry in enhancing their cyber security and obtaining an appropriate but cost effective insurance cover. It defines essential elements of effective information security program without infringing the borders of law and other regulations governing it. It is imperative to have a plan of how the organization can be able to ensure its information is secured. This include important steps like assessing the risks both imminent and long term, having a structure responsible for information security and assigning the responsibilities, setting up personnel policies related to security and finally monitoring the security program the company will formulate. Security responsibilities in an organization are all-embracing that is why it is important to associate the employees in formulating the program. SQL information system management used in health care The health care information technology system in several instances is predisposed to various risks and threats among other vulnerabilities. The situation gets worse when such vices are channeled towards the information system targeting patients with life threatening conditions. Some of the risks, threats, and vulnerabilities include and are not limited to accessing public internet without authority, hacking resulting to penetration of IT infrastructure, and fire torching primary data (Rodrigues 56). In most instances, health-care centers have put in place web-based patient and physician portals to enable visibility in the organizations financial and clinical data. The physician portal is normally used for various purposes including viewing radiology and laboratory results, obtaining electronic medical records and completing charts. Similarly, the patient portal enables accessing patient’s information including test results, billing information, prescribed medication, scheduled appointments, and medical conditions. However, if secure coding of the web application is not implemented, vulnerabilities such as SQL injections and cross-site scripting are likely to occur. This occurs based on actions of exploitation from unauthorized users who may compromise sensitive information confidentiality via the internet (Gentile 69). Notable tools employed in the identification of healthcare related online risks include the Web inspect scanner by Hewlett, Web vulnerability scanner by Acunetix and the watchfire Appscan by IBM. Application of the above systems would then go ahead in selective selections of authentic databases, passwords, and user identities as far as the internet security is concerned. In order to tackle various threats and risks, sections of clinical systems have adopted wireless networks, which they use to present and obtain information at the point of care. For example, this has been applied at bedsides (Gentile 41). The wireless network policy enables the use of wireless network infrastructure to handle patient’s information systems. This kind of system with proper coding plays a significant role in ensuring that there is integrity, confidentiality, and reliable availability of patient’s information. If proper securing of information is not enhanced under such circumstances, it would greatly affect the organizations internal systems. The wireless network system ensures that proper regulations and procedures are put in place to handle the patient’s information systems. These include performance logs and network security. Training of steps in this field would then enable justified users such as permitted staff to understand encryptions and authentication of wireless mechanisms that are in use. To identify where unauthorized access points and rogue users are located, system administrators should use wireless scanning tools. On the same note, hospitals offering free access to wireless network for the public must always ensure that the person accessing information is authenticated. Regulations on whether the terms of access are acceptable by the organization must form the guidelines of access by public members. The health centre should clarify the entire wireless network access is segregated within internal network. The wireless network policy if therefore put in place will have the various advantages over fixed network systems since its portable thus easily applicable within the workstation. If effectively employed, the wireless network system is one of the fastest ways to enable information flow within the organization system (Gentile 99). The use of Kerberos System information management (security) system framework Kerberos is an authentication system or protocol created or developed by Massachusetts Institute of Technology (MIT) and adopted by most operating systems today. A basic knowledge of Kerberos is required to determine its usefulness in access control mechanisms provided by the operating system. Kerberos authentication process depends on certain formatted information or data packets referred to as tickets. The tickets are very vital in that they go via the networks rather than passwords. Conveying tickets rather than passwords makes the process of authentication resistant to threats or attacks that can intercept the network traffic (Brenner 12). In the Kerberos milieu, the process of authentication starts at logon. There are several steps used to explain the process of Kerberos authentication. i. When a client or a user enters the login details (username and password), the computer transmits the username to the KDC that has master databases of specific keys for every step in its arena. ii. The KDC searches the client’s master key depending on the client password. The KDC then develops TGT and a session key to share with the client. The TGT incorporates a copy of S.A, time of expiry and the client name. The KKDC then encrypts the tickets that the KDC recognizes. iii. The user computer gets the data or message from the KDC and operates the password via a one way hashing role that changes the password into the client’s KA. iv. If the user requires getting resources on a certain server of the same domain, it communicates with the KDC. v. The KDC develops a duo of tickets, one for the user and another one for the server on which the user requires to access resources. vi. The KDC takes the ticket of the server and shields or encrypts it utilizing the master key. vii. When the server gets the tickets, the client decrypts it utilizing S.A. This renders the KAB to the user and also renders or exposes the tickets of the server. After communication between the KAB and the server, the server decrypts the tickets by the use of its KB. In turn, this allows access to the KAB that can decrypt the timestamp for the user (Hornstein 10). References Brenner. Kerberos: Authentication with some drawbacks. Web. December 2, 2013. Gentile, Michael. The Ciso Handbook: A Practical Guide to Securing Your Company. New York: Auerbach Publications, 2005. Print. Gentile, Michael. The Ciso Handbook: A Practical Guide to Securing Your Company. New York: Aurbach Publications, 2005. Print. Hornstein. Kerberos-faq/general. Web. December 2, 2013 from http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html#whatis Rodrigues, James. Health Information Systems: Concepts, Methodologies, Tools and Applications. New York: Idea Group Inc (IGI), 2009. Print. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Comparisons of two Information Security Management Frameworks Essay”, n.d.)
Comparisons of two Information Security Management Frameworks Essay. Retrieved from https://studentshare.org/information-technology/1495507-comparisons-of-two-information-security-management
(Comparisons of Two Information Security Management Frameworks Essay)
Comparisons of Two Information Security Management Frameworks Essay. https://studentshare.org/information-technology/1495507-comparisons-of-two-information-security-management.
“Comparisons of Two Information Security Management Frameworks Essay”, n.d. https://studentshare.org/information-technology/1495507-comparisons-of-two-information-security-management.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Management Frameworks

Are the frameworks and principles of information security management

In this regard, the information security management framework involves countrywide, worldwide, managerial, and worker values to perform information security management.... What are the frameworks and principles of information security management?... In this regard, the information security management framework involves countrywide, worldwide, managerial, and worker values to perform information security management....
2 Pages (500 words) Research Paper

Information Security Management Issues

The essay "information security management Issues" analyzes the major disputable issues on the system of information security management.... Thus, an organized collection of procedures, people, and information technology (IT) structure that protects decisive systems and information, and secures them from inside as well as outside intimidations are known as information security management (ISM) (Sipior, & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
11 Pages (2750 words) Essay

The Information Security Framework

Full Paper Title Name University Question 1 information security Framework The information security framework is considered as the most wide-ranging framework model that guarantees entire security solutions of information by reducing business risks.... In addition, information security does not only focus on technological aspects, but also pointing out other core elements in an organization.... this is also considered as mandatory for information security....
3 Pages (750 words) Essay

Security Framework in the Modern World

The ISO 27000 Series security framework has been a priority in many individual agencies because most agencies are created to be able to accomplish their own missions making the security framework to be viewed as an important factor, which has to be budgeted for to ensure the tackling of information security threats.... Borders have relevance in tackling information security, and looking at borders, domains of various countries interact because they do not have borders, therefore, the domains of a nation will be related to the nation's willingness to assert sovereignty in the domains....
5 Pages (1250 words) Research Paper

Information Security Managment

This will be a great boost the different vulnerabilities and a number of frameworks that the company to ensure efficiency in its operation.... he appraisal of the organization will guarantee that the organization gets to be more secure and more trustworthy and that all the security risks are distinguished and wiped out.... The IT office directed a security review inside the firm to use the methodology and guaranteed successful evaluation of the usage of meetings surveyed by the different departmental heads2....
20 Pages (5000 words) Essay

Comparisons of Information Security Management Frameworks

From the paper "Comparisons of Information Security Management Frameworks" it is clear that choosing a specific IT security framework can be informed by more than one dynamic with the form of industry or the requirements of compliance being some of the deciding aspects.... Information management security frameworks are developed and founded on a structured set of independent recommendations, processes as well as practices predominantly from the information security management System Standard (ISO 27001)....
4 Pages (1000 words) Research Paper

Information security management framework

It is an overall description of the Topic: information security management Framework Security Policies, Standards and Guidelines So that information can be protected, organizations and businesses are supposed to execute regulations and controls concerned with safeguarding of information as well as the systems used for the storage and processing the information.... This is typically achieved through executing information security policies along with standard and guidelines....
1 Pages (250 words) Research Paper

The Development of the Internet Protocol Security

This lack of inherent security feature, therefore, requires that certain frameworks for IPs must be developed so that data is transmitted securely.... The author of the present research paper "The Development of the Internet Protocol security" points out that with the rise of the internet and increased use of technology it became more difficult for the organizations as well as for individuals to maintain their privacy and secure their data.... PSec is considered as a framework of open standards with the major objective of protecting and securing the communication between different networks through encrypting security services....
8 Pages (2000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us