A Risk Assessment and Analysis of Information Security - Research Proposal Example

RESEARCH PROPOSAL Risk assessment Computer networks remain prone to damage from different sources, hence the need to undertake a risk assessment and analysis. An information system remains prone to cyberspace attacks and malicious damage from criminals. While physical damage can also occur, the greatest risk comes from online attacks coming from malicious individuals. Online attack can cause the system to completely shut down, consequently losing essential information. This loss must be prevented through ensuring sufficient security on the information contained within the system. Threats for this network system are both internal and external. Malicious damage could be prevented through the utilisation of different security checks aimed at authenticating identities of individuals utilising the system. Passwords remain a common method utilised in identification of authorised individuals accessing an information system System monitoring strategy The system shall consist of a self assessment strategy aimed at ensuring multi-level security of the entire system. The approach adopted for the system shall occur at different layers of the system stack. The various layers shall include the following User Application Infrastructure Intrusion Detection and Prevention System (IDPS) These applications are implemented to monitor malicious activities within an information system platform (Whitman & Mattord, 2009). Network behaviour analysis shall be utilised in the prevention of intrusion. This kind of prevention analyses network behaviour and identifies threats through monitoring unusual activities. Statistical anomaly based detection shall be employed in detecting threats occurring within the network. Information system audit Information system audit is aimed at analysing the development strategy for the information system. The auditing process shall be undertaken by a professional IT organisation to ensure all aspects of the system are effectively checked. The working processes and practices must also be analysed as a way of improving the functioning of the system. Information assurance Information assurance could be defined as the application of numerous methods of providing protection for information systems, like computer networks. In providing protection of computer systems there are five fundamental qualities which as system must sufficiently satisfy to ensure successful protection. The five qualities are as listed below Integrity, which seeks to ensure the systems remain unscathed and not tampered with. This includes things like anti-virus software, and entry protection codes to minimise malicious information damage Availability, which seeks to ensure users, can gain access to the system as required. This also involves providing protection from unwanted entries, like hackers. Authentication, seeks to ensure correct user identity. This might include utilisation of passwords, tokens or other authentication devices. Confidentiality, seeks to ensure that only individuals with correct authority have access to the information contained in the system. Non-repudiation – this ensures that the system maintains a record of all activities undertaken. This works in ensuring that individuals remain responsible as their actions can be retraced within the system. Encryption This refers to the process of encoding information to ensure only accredited individuals have access to the information. Symmetric and asymmetric keys remain the major methods utilised in information encryption today. Symmetric key method refers to the utilisation of a single key, known to the individuals communicating (Collier, Linkov, & Lambert, 2013). The secret key is used to decrypt messages between the individuals. Since the secret key can fall into wrong hands, asymmetric encryption provides a solution to this challenge. Asymmetric keys involve utilisation of public keys in encrypting messages which can only be decrypted through a private key known only by the recipient. This minimises the probability of messages being decrypted by unauthorised individuals. Public – Key Infrastructure This refers to a designated set of procedures and policies required to assist in management of information systems. Numerous users become assigned to different keys, which they utilise in accessing the information system platform. The PKI provides each user with a unique identity utilised in authenticating the user identity before individuals can access the information system. The assurance level remains an essential indication of the effectiveness of the PKI. Hashing Hashing can be described as the process of producing hash values which are utilised to access information systems, enhancing data security through limiting access. The hash value normally consists of numbers generated from numerous texts. The hash value is generated through a designated formula which ensures that similar hash value cannot be generated by other texts. The role of hashing remains ensuring that transmitted messages remain intact. The message sender creates a hash value which encrypts the message. The hash value is attached to the message and sent together. Hashing can also be utilised in ensuring limited access to data through the creation of a hash table index for different texts, which are known to individuals allowed access to the information. Encryption algorithms Blowfish This remains a quick encryption algorithm specifically designed for systems utilising 32-bit microprocessors. When utilised on systems with 32-bit microprocessors, the method remains considerably faster than GOST and DES. Various adoptions of the blowfish algorithms have been utilised to enable the algorithm to be utilised in microprocessors higher than 32-bit. GOST This algorithm was introduced and commonly utilised in the former Soviet Union. The method involves cipher and output feedback modes, but both remain limited to 64-bit microprocessors. The algorithm does not include secrecy level of stored information. Two-fish The method utilises symmetric key approach, where a single key encrypts and decrypts data. The method continues to be increasingly utilised as it can accept keys up to 256-bit in length. The increased length has been the major reason for increased application of the algorithm. Tunnelling This can be defined as a technology which enables a network to send data through another network. The process encapsulates network protocols within the packets carried by other networks, consequently enabling transfer of information and data. The utilisation of a secure shell (SSH) enables unencrypted data to be transmitted through an encrypted channel, safely (Melville, 2010). The utilisation of SSH tunnels enables bypassing of numerous firewalls, which are inhibitors of many internet services. Tunnelling utilises protocols which majority of available firewalls cannot block. Through tunnelling, data can be transferred safely through an unsafe network. Safety of the information remains fundamental when utilising a different network which might be public. Redundancy strategy Redundancy refers to the provision of a back-up system which would ensure safety when the main system fails. The information system will remain connected to a similar system in a remote location. Upon accessing the main system, both the remote and core system will be accessed, with data being changed concurrently on both systems. This will ensure the remote system remains updated as the core system. The core system shall perform authentication for individuals accessing the system, ensuring only accredited individuals gain access. The remote system shall update every five minutes following data changes on the core system. This will ensure the remote system remains safe from online attacks which might face the core system. Disaster recovery Recovery process following failure of the core system shall remain based on the type of disaster. In cases of cyberspace criminal acts, recovery shall occur immediately as the remote system is designed to block suspicious threats coming from the core system. The remote system shall be located far from the core system to provide safety from physical damage of both systems. Physical damage will be followed by installation of another system which shall be similarly linked to the previous system. The duration for installing the system will vary depending on the damage. Total destruction of the system would take approximately 3 months to recover fully, with other damages raking shorter times. References Collier, Z. A., Linkov, I., & Lambert, J. H. (2013). Four domains of cybersecurity: a risk-based systems approach to cyber decisions. Environment Systems and Decisions, 1–2. Melville, N. P. (2010). Information systems innovation for environmental sustainability. MIS Quarterly, 34(1), 1–21. Whitman, M. E., & Mattord, H. J. (2009). Principles of Information Security. Stamford: Cengage Learning.  Read More