StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Management - Assignment Example

Cite this document
Summary
The writer of the paper "Information Security Management" gives detailed information about the Systems Security Engineering Capability Maturity Model (SSE-CMM) security management framework considering and analyzing the diagram giving at the beginning of the paper…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.8% of users find it useful
Information Security Management
Read Text Preview

Extract of sample "Information Security Management"

Information Security Management Insert Insert Question Consider the diagram above from the Systems Security Engineering Capability Maturity Model (SSE-CMM) security management framework. a) Outline and explain how the GhostNet case study may have seen impacts affecting each one of the components in the framework diagram above. According to GhostNet case study, improper elucidation of the system requirements may impact on the design of the system significantly affecting the user interface. The result may lead to attackers using the interface to send input and receive results especially from systems that are compromised The GhostNet systems also facilitate downloading of a Trojan called Ghost Rat that enables attackers have control of the attacked systems on a real-time basis (Villenueve & Walton, 2009).

That makes monitoring and identification of security breaches a complicated process. The fact that it can operate the web cameras and microphones is just beyond. The system is not able to achieve the expected security in operation especially after an attack by GhostNet since it can send mail messages from the infected systems to other users alluding to be the authenticate persons. The detecting users become victims since these emails have malware spread-out to them. b)The detail in the headings below how might apply each of the SSE processes in the above diagram have helped the case study organisations to avoid their vulnerabilities being exploited?

PA02-5 Assess Impact; Security Risk; Threat; Vulnerability The result will be forming a foundation for security that will address requirements both in the organization, meet the needs of the policies and the legal. It helps achieve set security objectives in the system. PA10 Specify Security Needs It involves identification of particular security that affect the system in the case apart from the general threats. That will ensure that the solutions derived directly address the particular system.

PA09 Provide Security Input It ensures that the designing of the system and its architecting is based on the security needs initially identified. The purpose is to make sure that the interface used in inputting data does not leave room for erroneous data or allow attackers to penetrate the system. PA01 Administer Security Controls The purpose here is to have proper integration of the intended level of security into the novel system and ensure that the latter has to be visible when the system is running.

PA08 Monitor Security Posture The posture ensures reporting of attempted security attacks, likely to occur mistakes that may lead to breaches and breaches that have happened. It aims to relay the information to respective personnel for immediate attention thus safeguarding the system. PA07 Coordinate Security It seeks to bring together all the players in building of the system so as to identify security threats at each level of the system. The result is protecting the system from attacks not anticipated or originating from areas that were initially ignored.

References Villenueve, N., & Walton, G. (2009). Tracking GhostNet. Toronto, Ont.: Citizen Lab, Munk Centre for International Studies, University of Toronto.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Information Security Management Assignment Example | Topics and Well Written Essays - 250 words - 1”, n.d.)
Information Security Management Assignment Example | Topics and Well Written Essays - 250 words - 1. Retrieved from https://studentshare.org/information-technology/1699039-information-security-managment
(Information Security Management Assignment Example | Topics and Well Written Essays - 250 Words - 1)
Information Security Management Assignment Example | Topics and Well Written Essays - 250 Words - 1. https://studentshare.org/information-technology/1699039-information-security-managment.
“Information Security Management Assignment Example | Topics and Well Written Essays - 250 Words - 1”, n.d. https://studentshare.org/information-technology/1699039-information-security-managment.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Management

Security Legislations and Standards

Some of the well known examples of these rules and regulations comprise the Clinger Cohen Act, the GPRA (Government Performance and Results Act) and FISMA (Federal Information Security Management Act).... Legislations and Standards Serving their Purposes Global Information Security Management guidelines play a significant role in organizing and determining organizational information system security.... Thus, to cope with these limitations, it is assessed that Information Security Management strategy should be observed as a library of policies material on information safety management for the committed companies (Siponen & Willison, 2009)....
4 Pages (1000 words) Essay

Data Protection Laws, Regulations, and Policies

Among these policies are Sarbanes-Oxley Act [SOX], Data Protection Act, Federal Information Security Management Act [FISMA], California Security Breach (SB) Information Act, Massachusetts 201 CMR 17.... Federal Information Security Management Act (FISMA) FISMA is one of the legislations by which the United States protects the nation's information systems/infrastructure.... Federal Information Security Management Act (FISMA).... To achieve this objective, the Act was set on certain visions including the need to initiate and promote the development of core security policies, guidelines, and standards that would promote the formulation and the implementation of information security strategies and policies (U....
3 Pages (750 words) Essay

Infrastructure for Data Storage

This paper “Infrastructure for Data Storage” demonstrates the options for data storage and technology.... Likewise, Direct attached storage and network area storage is discussed in detail.... Moreover, Redundant Array of Inexpensive Disk (RAID) is also highlighted as a storage option....
4 Pages (1000 words) Essay

Business Management Technology: IT Security Management

(Importance of Information Security Management).... Thus IT security management becomes Even computers and its software are very costly.... So management and the employees who are working in the IT system should have a clear awareness about the importance if IT security management in business.... The purpose of IT security management is “protect the company's information assets from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business damage, and maximize return on investments and business opportunities....
7 Pages (1750 words) Essay

Discussion question

Information Security Management handbook (6th ed.... The term information security which is even recognized as InfoSec is used to refer to the attainment of balance between securitization of an organizations information assets and the requirement to continue operating the business without hindrances (Whitman, 2011, p.... information security Computer Security vs.... information security The term information security which is even recognized as InfoSec is used to refer to the attainment of balance between securitization of an organizations information assets and the requirement to continue operating the business without hindrances (Whitman, 2011, p....
1 Pages (250 words) Essay

Access Controls

Information Security Management handbook (5th ed.... Information Security Management handbook (5th ed.... Security Assessment Policy is a governing legislation that outlines information security policies, employee orientation, security incidents and plans for new and existing users.... ? As society progresses to 21st security, the concept of security becomes a critical element in a very advanced world.... As a matter of fact, intelligent readers are one of the most crucial elements that provide all the inputs to control physical security....
2 Pages (500 words) Coursework

A Disaster Recovery Plan

Information Security Management handbook (5th ed.... This provide a global security assessment to ensure that a global virus does not threaten the enterprise risk systems.... One of the most crucial elements to understand within the realm of security are the User Domain, one of seven domains in an IT infrastructure, is considered to be the domain most at risk for attack and compromise, primarily due to the inherent weakness of the human interaction element....
1 Pages (250 words) Essay

The ISMS for Mr. Manos Llewellyn

For instance, if there is a breach in security, the security management processes ensure to deal with security incidents.... This phase frequently monitors processes including security management, new threats, vulnerabilities and risks.... In addition, configuration and management of access rights and contingency planning of security incident processes are also a part of this element.... Moreover, personnel security and physical security related to theft are implemented....
10 Pages (2500 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us