Information Security Management - Assignment Example

The writer of the paper "Information Security Management" gives detailed information about the Systems Security Engineering Capability Maturity Model (SSE-CMM) security management framework, considering and analyzing the diagram given at the beginning of the paper…

Extract of sample "Information Security Management"

Question: Consider the diagram above from the Systems Security Engineering Capability Maturity Model (SSE-CMM) security management framework.
a) Outline and explain how the GhostNet case study may have seen impacts affecting each one of the components in the framework diagram above.
According to the GhostNet case study, improper elucidation of the system requirements may impact the design of the system, significantly affecting the user interface. As a result, attackers may use the interface to send input and receive results, especially from systems that are compromised.
The GhostNet systems also facilitate the download of a Trojan called Gh0st RAT that enables attackers to take control of the attacked systems in real time (Villeneuve & Walton, 2009). That makes monitoring and identification of security breaches a complicated process. The fact that it can operate the web cameras and microphones is just beyond.
The system is not able to achieve the expected security in operation, especially after an attack by GhostNet, since the malware can send mail messages from the infected systems to other users, purporting to come from the authentic persons. The users who receive these emails become victims, since the messages spread malware to them.
b) Detail, under the headings below, how applying each of the SSE processes in the above diagram might have helped the case study organisations to avoid their vulnerabilities being exploited.
PA02-5 Assess Impact; Security Risk; Threat; Vulnerability
The result forms a foundation for security that addresses the organization's requirements and meets policy and legal needs. It helps achieve the security objectives set for the system.
PA10 Specify Security Needs
It involves identifying the particular security threats that affect the system in the case, apart from the general threats. That ensures that the solutions derived directly address the particular system.
PA09 Provide Security Input
It ensures that the design and architecture of the system are based on the security needs initially identified. The purpose is to make sure that the interface used for inputting data does not leave room for erroneous data or allow attackers to penetrate the system.
PA01 Administer Security Controls
The purpose here is to properly integrate the intended level of security into the new system and to ensure that it is visible when the system is running.
PA08 Monitor Security Posture
It ensures reporting of attempted security attacks, mistakes likely to occur that may lead to breaches, and breaches that have already happened. It aims to relay the information to the respective personnel for immediate attention, thus safeguarding the system.
PA07 Coordinate Security
It seeks to bring together all the players involved in building the system so as to identify security threats at each level of the system. The result is protecting the system from attacks that were not anticipated or that originate from areas that were initially ignored.
Villeneuve, N., & Walton, G. (2009). Tracking GhostNet. Toronto, Ont.: Citizen Lab, Munk Centre for International Studies, University of Toronto.