Dependence on IT in Business Operations - Admission/Application Essay Example

Task InfoSec INTRODUCTION As organizations continue to increase their dependence on IT in business operations, information security has continuously presented numerous challenges. Information security has become a dynamic and complex function, which provides an approach for information security managers to implement holistic information management approaches, while addressing the fundamental business objectives (Whitman and Mattord 45). This dependence on computers has necessitated the inclusion of technology-based information security systems that seek to ensure protection of the information infrastructure’s different threats. Information is an important asset to the organizations and its protection is critical to the sustainability of organizational operations. The security system adopted by organizations should be able to have the following features and capabilities. FUNCTIONAL APPROACHES OF THE SYSTEM Risk avoidance – this is the basic reason why information security systems are implemented in many organizations. This seeks to ensure that the imminent risks are avoided by identifying them before they occur. The information security system should be focused on limiting the exposure to potential risks of information loss Deterrence – this is a function that is aimed at reducing the risk of threat through fear. Many of the threats that occur come from humans and the availability of an information security system reduces the probability of attack. This can include various communication strategies aimed at impressing potential attackers with the increased possibility of getting caught, while committing an offence. Prevention – this has been the main focus for traditional information security systems. This involves the implementation of different safeguards that seek to ensure the mitigation of threats before they can occur. These are aimed at stopping the threats from affecting the organizations. Detection –this seeks to ensure that the potential security threats affecting an organization are known to the organization. The aspect of detection works together with prevention in providing support. Any imminent threats must be detected for a corrective action to be taken. When combined with prevention, detection is a highly effective functions which could enhance the information safety within a business entity. Recovery – in systems management, there is always a possibility of failure of the approaches which have been development to initiate security into the management systems. Though it works as the last available option once others have failed, it is the fundamental security consideration which should be undertaken before all the others. The system should be able to present a backup media which can be utilized to restore the content and information contained in the system in case a threat surpasses all the other control measures. INFORMATION SECURITY DOMAINS Holistic implementation of information security within organizations can be defined by different interdependent elements that can be utilized by mapping the department and job descriptions of different individuals. These domains seeks to ensure that there is comprehensive security of information contained within the organization (Stavroulakis and Stamp 245). The system protection would include the following functions. Operational security – this is aimed at ensuring protections of managerial policies and decisions in a hierarchical manner Physical security that seeks to protect the systems from physical damage that might occur. Personnel security, which is involved in conducting training of the human resources to ensure they are conversant with security procedures applicable under different settings. Network security, which seeks to protect the communication and network equipment from technological elements which might cause threats. System security, which is mainly concerned with authentication controls seeking to grand permissions and privilege to different users. While there are several domains as identified above, these are applicable within large organizations and the security domains can be merged or outsourced within a small organization. The functions that will be integrated into the organizations should be on the latter 2 domains; network security and system security. A simplified organizational chart for the information security will be as shown below. Network security This will involves the adoption of policies and other provisions which are aimed at monitoring the usage of the system to ensure safety. The network security should be developed targeting the different security threats which have been identified. Comprehensiveness of network security is commonly assured by the capability to mitigate different threats that face the information security system of an organization. Many of the threats prevented by the network security come from the internet and can include, hacker attacks, data interception, identify theft viruses among other threats. The effectiveness of this security measure would be enhanced through availability of multiple security layers (Whitman and Mattord 33). Security measures are subject to failure and reinforcements are achieved through multiple security controls. The components which will be included in the network security include the following (Whitman and Mattord 255) Antivirus and spyware – for protection from malicious software Firewall – to restrict and control access Intrusion prevention systems – to enable the identification of prevailing threats to the system Virtual private networks – to provide a secure network through which access can be granted. Advantages of network security Centralized protection – the network security is controlled by a single user and changes can also be made by the same person. The element of centralization enhances the control of the security systems; consequently increasing the security of the information contained within the organization. Enhanced protection – this is achieved through the utilization of multiple controls and features aimed at restricting access. Reduced processing time – the availability of antivirus and antispyware in computers commonly slows the speed of the machines. Centralization of the protections eliminates this problem as control in conducted from a different location Updating – the process of updating security system becomes simplified as a single individual performs these functions Disadvantages of network security Internet accessibility – this remains the major problems with the network security which can be accessed through the internet. The element of accessibility makes the network security increasingly susceptible to virus and attacks by hackers. Cost – the installation of network security could be extremely expensive to small organisms because of the cost of the equipment utilized to support the network security. System security Systems security is aimed at providing control of the access to the information contained in the organization’s database. This can be conducted through the provision of passwords and usernames which seek to identify the various individuals who have access to the system. Different levels of access can be availed as a way of seeking to determine what activities people can do to the information. Controlling aspects of the system security seeks to ensure that the information remains protected from malicious damage, through uncontrolled access. The system security worked theory a basic process involving three actions of identification, authentication and authorization. Identification seeks to ensure that the subject seeking access to the information is indeed the actual individual with the right for accessing such information. This will include elements like user names and account numbers. Authentication refers to the approach that seeks to prove the subject’s identity provided in the previous stage. This commonly includes element like passwords and “personal identification numbers” PINs. Authorization is the final process through which the system provides access to the subject according to the information availed. Advantages of system security Enhanced access to information – the capacity to limit the access to ensure that the individuals can access information from any computer since their identity can be ascertained and do not require physical permission to access information. Easy integration – this approach can be easily integrated into the existing systems without any fundamental changes to the system being made. Creation of an audit trail – when auditing the usage of the system, the access can be easily traced in order to determine how the system has been utilized for a given period of time Disadvantages of system security Identity theft – this presents the fundamental disadvantage of this approach. When an individual gains the authentication of another person, such an individual cannot be restricted from accessing the information. RECOMMENDATION In seeking to enhance the system security the organization should consider the following recommendations. Shifting security mindset form incident based and a continuous approach to information security Investing on the elements of detection, response and prediction capabilities of the security system while focusing less on the traditional approach of preventive measures (Whitman and Mattord 293). Develop a center where security operations will be undertaken from to ensure a continuous process of monitoring and protections from potential threats Works cited Stavroulakis, Peter, and Mark Stamp. Handbook of Information and Communication Security. Berlin: Springer Heidelberg, 2010. Print. Whitman, Michael E., and Herbert J. Mattord. Principles of Information Security. 4th ed. Boston: Cengage Learning, 2011. Print.  Read More