StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Measures - Coursework Example

Cite this document
Summary
"Information Security Measures" paper states that a risk assessment approach is necessary for the development of systems with an acceptable level of risk. The use of security standards backed with administrative and technical measures are good practices for minimizing security risks. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.7% of users find it useful
Information Security Measures
Read Text Preview

Extract of sample "Information Security Measures"

Information Security Summary Information security measures in organizational computing systems are no longer reactive, but proactive with a focus on system design, communication, security culture, policy, and organizational structure. Design for security requires an understanding of security components; principles of security; and achievement of information security with administrative, physical, and technical safeguards. A study of information security in computing systems has been envisaged. The objective of the study is to identify security issues within a specific system. The study has been planned in several stages; review of relevant literature; study of architectures and measures in computing systems; case study of security issues within a specific system; and recommendations for good practices for information security. The study is expected to be completed in over a year, and resources at the University library and the computer laboratories have been considered adequate for the study. A risk assessment approach is necessary for the development of systems with an acceptable level of risk. The use of security standards backed with administrative and technical measures are good practices for minimizing security risks. Information Security Introduction Computing applications have become ubiquitous in human endeavours, with applications ranging from simple processing of personal information to complex systems. The widespread growth in the use of computers has led to an increase of risks to security as well. Computers vulnerable to such risks could lead to a range of myriad problems such as loss of information to failure of complex systems resulting in loss of life and property. Addressing computer security is of utmost significance in the design of systems. Organizations have been compelled to institute security systems/programs for the protection of information from increasing levels of threats (Knapp et al., 2009). There has been an evolution of security measures from the addressing of security breaches to managing those that have an impact on the economic growth of an organization. Information security is not about looking at the past of an attack faced; neither is it about looking at the present with the fear of being attacked; nor is it about looking into the future about the uncertainty that might befall us. It is about being alert at all times (Dlamini et al., 2009). Review of Relevant Literature Models of computer security such as the Bell-LaPadula model, the Biba model, and the Clark-Wilson model work within the confidentiality, integrity, and availability (CIA) framework. These models have been summarized in the Handbook of Information Security Management. Other models have been based on behavioural theory, and criminology theory. The Bell-LaPadula model assigned access levels to data and information, and users and processes capable of modifying data. Read permission was granted for objects at or below the subjects’ access level, write permission for objects at or above the subjects’ access level, and read-write permission for objects at their access level. The Biba model addressed integrity, and deals with confidentiality in a manner similar to the Bell-LaPadula model. However, within the Biba model, processes could not modify data stored at the higher level. The Clark-Watson model has a focus on integrity, well-formed transactions and separation of duties. Other CIA models include the Southerland model, the Brewer-Nash model, and the Gouden-Meseguer model. However, these goal-oriented models are limited in the defence against computer misuse. Several computer models have a focus on individual behaviour, such as the theory of planned behaviour (TPB), theory of general deterrence (TGD), and expected utility theory. Intentions are based on factors including attitude, subjective norms, and perceived behaviour controls. The TPB model has been an excellent choice in the prevention of computer misuse. The Straub’s computer security model suggests three layered defence; deterrents based on TGD; preventives; and detectives. Deterrents have been helpful in reduction the amount of misuse within organizations. Preventives have been effective against internal and external threats as they limit access to systems, and detectives alert system administrators for adequate corrective action (Foltz, 2004). Organizations in the past have focussed on compliance with regulations. However, there has been a growing realization that bare bones, minimal-requirements approach to security was unacceptable, and thinking like a blackhat might be a better approach to security. This requires embedding security into the culture, assessment of threats, likelihood of impact and impact assessment, regular review, addressing the biggest risks, and regular monitoring (Bunbury, 2009). A comprehensive framework should be developed by organizations for cultivating a security-aware culture (Veiga & Eloff, 2009). Communication, security culture, policy, and organizational structure were the most common factors associated with computer and information security (Kraemer & Carayon, 2007). BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM are generic international information security management guidelines. Design for security requires an understanding of security components; principles of security; threats, vulnerabilities, control measures and assurance of information; and achievement of information security; administrative, physical, and technical safeguards. Security could be achieved by addressing the components: confidentiality, integrity, availability and accountability. Data or information not being made available to people or processes that are not authorized is the confidentiality property. Data or information not being altered or destroyed without authorization is the integrity property. Data or information being accessible and useable when demanded by an authorized person is the availability property. The ability to audit the actions of people or processes and a determination of whether the actions are appropriate is the accountability property. Accountability principle, awareness principle, ethics principle, multidisciplinary principle, proportionality principle, integration principle, timeliness principle, reassessment principle, and equity principle are generally accepted system security principles published by the International Information Security Foundation (International Information Security Foundation, 1999). There are numerous threats to information systems which could originate from within and outside organizations. An information security risk assessment is the foundation for the security plan. Such a plan seeks to apply measures that reduce risks to acceptable levels. Policies, procedures, and technology form the control measures. Administrative safeguards include actions, policies and procedures for selecting, development, implementation, and maintenance of measures. Physical safeguards include actions, policies, procedures and measures for controlling access to information assets such as sites, servers, and networks. Technical safeguards include measures for information security and integrity (NIST, 2009). According to the principle of information security safeguards, data controllers must use an adequate level of safeguards before processing information. Data controllers need guidelines for the design, implementation, and operation of technological and organizational measures for the protection of information (Dayarathna, 2009). Aims and Objectives A study of information security in computing systems has been envisaged. A broad aim of the study is to understand information security in computing systems. A specific aim of the study is to explore issues in the security of computing systems. The objective of the study is to identify security issues within a specific system. The School of Mathematical and Computer Sciences at Heriot-Watt University conducts research in the field of computer science with a focus on issues that could arise from developments in computer science. Methodology The initial stage of the project would have a focus on the study of information security issues in computing systems. Relevant literature on the subject would be reviewed. The second stage of the project would emphasize on system architectures and measures that form the underlying principles of information security. The third stage would involve a case study of information security issues within a system. This could include a system within the University laboratories or an external system. The system architecture and measures would be examined, and issues discussed. The fourth stage would involve recommendations for good information security practices. The final stage would include synthesis of results and compiling the thesis. Resources available at the University library and computer laboratories have been considered adequate for the study. Project Management A literature review on technical issues in information security in computing systems would be presented. A case study would be presented illustrating some of these issues in computing systems. Recommendations for good practices in information security in computing systems would be presented. A schedule for the management of the project has been illustrated in table 1. Table 1. Project Management Stage Activity Timeline Deliverable 1. Review of Relevant Literature 02/11/2009-22/02/2010 Literature review on technical issues 2. Study of Architecture and Measures in Computing Systems 01/03/2010 – 23/08/2010 Findings on architecture and measures 3. Case Study of Information Security Issues in a Specific System 30/08/2010-18/10/2010 Findings on architecture and measures 4. Recommendations on Good Practices for Information Security in Computing Systems 25/10/2010-22/11/2010 Recommendations on good practices 5. Thesis Preparation 29/11/2010-27/12/2010 Thesis Conclusion Widespread growth in the use of computing systems has lead to an increase in risks to security of these systems. Computer security models have been developed based on CIA and behaviours, providing various degrees of security. An understanding of security principles and architectures is necessary for achieving security in computing systems. A risk assessment approach is necessary for the development of systems to reduce risk levels to an acceptable level. Good practices suggest the use of security standards backed with administrative and technical measures to minimize security risks. References Bunbury, P. (2009). Moving from compliance-based security to a risk-based security model. Computer Fraud & Security. 2009 (9), 14-17. Dayarathna, R. (2009). The principle of security safeguards: Unauthorized activities. Computer Law & Security Review. 25 (2), 165-172. Dlamini, M., Eloff, J. & Eloff, M. (2009). Information security: The moving target. Computers & Security. 28 (3-4), 189-198. Foltz, C. (2004). Cyberterrorism, computer crime, and reality. Information Management & Computer Security . 12 (2), 154-166. International Information Security Foundation. (1999). Generally Accepted System Security Principles. Available: http://www.infosectoday.com/Articles/gassp.pdf. Last accessed 18 October 2009. Knapp, K., Morris, F., Marshall, T. & Byrd, T. (2009). Information security policy: An organizational-level process model. Computers & Security. 28 (7), 493-508. Kraemer, S. & Carayon, P.. (2007). Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied Ergonomics. 38 (2), 143-154. NIST. (2009). Computer Security Resource Center. Available: http://csrc.nist.gov/. Last accessed 18 October 2009. Veiga, A. & Eloff J. (2009). A Framework and Assessment Instrument for Information Security Culture. Computers & Security. Available online Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information Security Measures Coursework Example | Topics and Well Written Essays - 1500 words, n.d.)
Information Security Measures Coursework Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1728278-information-security
(Information Security Measures Coursework Example | Topics and Well Written Essays - 1500 Words)
Information Security Measures Coursework Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1728278-information-security.
“Information Security Measures Coursework Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1728278-information-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Measures

Securing and Protecting Information

The security plan includes timelines for implementing the security measures and details of what needs to be done.... Security and Protecting Information Instructor Institution Date Securing and protecting information Development of information security strategies protecting complex data and information across a wide network while also improving system performance as well as ensuring easy data retrieval when necessary is one of the most challenging tasks in network design (Dhillon, 2007)....
3 Pages (750 words) Essay

The Success of Panasonic

The paper presents Panasonic Company which is one of the organizations that provide security for the company's supply chain to ensure that the goods and the staff are secure during the production, transport, storage.... The success of a business organization depends on its ability to maintain security.... hellip; One of the areas that Panasonic has strived to maintain the security of products is during the transportation stage of the supply chain of an organization....
6 Pages (1500 words) Case Study

W5-Data Security Policy

Business and client information security and privacy are the leading concern in… This research is about the preservation of the business and client information as well as other confidential information By information we point out data that have been produced into the structure that is significant and functional to the human beings (Laudon & Modern technology poses modern confronts to the protection of entity privacy which existing (Laudon & Laudon, 1999).... Organizational information security strategies, measures, and standards are entirely significant reflections....
5 Pages (1250 words) Essay

Performance Measures

CIO, Senior and Program information security… Measurement of performance is critical to the successful implementation of security recommendations provided in Verizon 2010 Report.... Senior information security Officer3.... Program information security Officer4 Legislative and Strategic Drivers5 Measures Development Process6 information security Measurement ImplementationAPPENDIX: ReferencesExecutive SummaryThe organization has to change its approach regarding controlling of information security breaches within its information system....
2 Pages (500 words) Assignment

Mystery Shopping research for starbucks, costa coffee and cafe nero

The second aspect of validity is the measures of extreme information.... Similarly, it may not be valid to obtain a similar measure for all the three companies, say 77% for all the data being measures.... The information is to provide room for comparison of the performance of the three companies by addressing the achievements and failures.... Thirdly, it is a systematic method since it involves the use of specific and well-organized set of information for the three...
6 Pages (1500 words) Essay

Information Systems Implemented in Razer Company

All of these Information Security Measures ensure that the data remains secure and protected within the company, and that it does not get into the hands of unauthorized persons.... To protect their information systems and data, Razer is implementing many important security measures.... Web application firewalls, IDS/IPS, network security monitoring, and log management solutions are some of the few aspects of the information security systems implemented in Razer gaming solutions....
2 Pages (500 words) Essay

Understanding Information Security Problems and Measures in Universities

Thus in the present times, in regard to the factors of risks prevailing in organizations against assets and information, the significance of effective security measures can be realized.... An author of the paper "Understanding information security Problems and Measures in Universities" seeks to describe the importance of providing quality information security service.... The present study focuses on the North Carolina Agricultural and Technical State University information security Plan and makes a critical analysis to understand how much the plan proves to be effective in its measures....
11 Pages (2750 words) Research Paper

IT Threats to Information Security

            Companies need to ensure that they have put enough Information Security Measures to try and avoid these threats.... This essay "IT Threats to information security" presents information technology that has made many tasks easier to perform it has also brought certain threats that did not exist before its invention.... Some information security threats also lead to reputation damage which is sometimes irreparable....
2 Pages (500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us