Information Technology Security Management and Its Impact on Business Success - Essay Example

INFORMATION TECHNOLOGY SECURITY MANAGEMENT AND ITS IMPACT ON BUSINESS SUCCESS Name Grade Course: Tutor’s Name: 15th, November, 2009 CURRENT SITUATION In business, there has been great development or growth. As new technology emerges, so does the new systems of managing and operating businesses. So many businesses nowadays use corporate applications as a medium of communication, for book keeping and for transactions. It is important to use the corporate applications but there is need to maintain security. This is the reason why it is important to develop ways of managing an organization’s information technology. The aim of this project was to design and implement server protocols that can satisfy organization’s business needs and maintain the security and integrity of the organization’s critical and confidential data. Satisfying business needs in this case means designing and implementing system software that will enable internet marketing. The proposal was to implement such system (Secure Network Infrastructure for e-Commerce) through high level programming. There were objectives set for accomplishment of the aims of the project. These were: 1. To research on the secure network infrastructure for ecommerce. The research will include academic literatures, enterprise publications and books on secure network infrastructure for ecommerce. 2. To analyze and evaluate secure network infrastructure for ecommerce strategies. Special consideration will be made to external consultants like the IS Integration Ltd which will assist in the creation of the secure network infrastructure for ecommerce. 3. To investigate on the benefits of ecommerce and the use of internet on business. In order to identify the benefits of the new system, research will be conducted on internet marketing methods, online payments and the feasibility study will be conducted at the company 4. To find the assumptions and constrains of the secure network infrastructure for ecommerce. 5. To produce a report containing the High risk factors involved in IT security Management and recommend ways of improvement. 6. To evaluate the outcome. In an attempt to evaluate the project’s deliverability, special assumptions on current technology will be made so as to be able to analyse statistics Achievement of these objectives was through: a) research which was to be done on the infrastructure, on special Information technology security management, b) Analysis and evaluation of secure network infrastructure for ecommerce strategies c) Determination of the benefits of e-commerce and the use of internet on business and d) Research on assumptions and constrains of the secure network infrastructure for ecommerce Currently, the following have been done: Research has been done on the sources of information about information technology security management, the secure network infrastructure for e-commerce and important information required for the accomplishment of the above objectives. Below is a description of the information already obtained and the sources from which they have been obtained. A. Research to be done on the infrastructure, on special Information technology security management Research has been conducted about information technology secure network infrastructure and its management. Georgia Technology Authority (GTA) publication contains information on the required standards necessary before deployment of web services and an internet based web server (GTA, 2008). This is a company’s article/publication on web and E-Commerce security and gives the standard that establishes the minimum security measures that should be implemented by agencies on web facing systems available for public access. Tipton & Krause’s book also has important information about information security management. This book will help in identification of the standards required as detailed in the ISO/IEC 17799 and in identification of what management processes are necessary for T security management (Tipton & Krause, 2007). Securing a network means securing the data. The data is the asset that needs to be secured. In one of the articles (Wave secure data group: Information Security Approach) the process of developing a secure network infrastructure is explained. This gives an idea on how to build a secure network infrastructure for e-commerce. It also provides information for analysis of the other secure network infrastructures (WSDG, 2009). The process begins with the discovery of data where it gives information about data discovery which is the location of all the digital data that the organization uses and the steps necessary for identification, prioritizing and categorizing data. There are policies and procedure analysis description which is also important for the proposal (WSDG, 2009). The next step described is the assessment process which gives information on what should be assessed. The paper describes analysis of technology architecture, determination of the mechanism of security control and identification of physical assets as activities of the assessment process. The assessment process according to the Wave Secure Data group is meant to understand an organization’s current environment in order to establish a security design baseline. The group’s publication also describes the security design then the implementation process, the modification and monitoring process and lastly the implementation of the management process. The process description gives one way in which the secure infrastructure can be developed. This however is determined after the analysis of other available processes (WSDG, 2009). Another source of information that has been established to be important for the proposal is the SANS institute publication on “Building a secure internet data centre network infrastructure”. The paper provides information on how to design and implement secure networks in a data centre (internet data centre). The aim of the proposed paper was to develop a secure network infrastructure. This publication therefore gives ways of designing the network system since the required infrastructure is for e-commerce and internet data management is required. It would develop the internet data centre for the H&R following the described modules in the paper (SANS Institute, 2002). SANS publication describes a data centre that can provide hosting facilities for an organization, its components and the different modules that can be used (SANS Institute, 2002). Secure internet data centre network infrastructure creating has been explained using the modular approach. The Secure internet data centre network infrastructure in this case is referred to as the IDC. The paper gives what architectural components are necessary for an IDC and describes the different module forms that an IDC can take and modules that developers of secure network infrastructures can choose from. The following modules are described: “Management and Back-end operations module”, “Hosting services module” and “ISP Connectivity module” (SANS Institute, 2002). The information provided gives an approach to implementing the infrastructure and the process of doing so. Additional information about the infrastructure’s implementation has been obtained from EUCS FMD Unix ltd that has described the first phase of implementation. Other resources with important information about information technology security management and infrastructure are: Cazemier, Overbeek and Peters’ Security Management book (1999) and Window Security’s “E-Commerce Security Technologies” (2002). B. Analysis and evaluation of secure network infrastructure for ecommerce strategies The analysis process is not yet complete wit the selection of the hardening module not yet done. Noonan’s Hardening Network Infrastructure (Noonan, 2004), all the above described resources, and Merkow’s E-Commerce technologies article (Merkow, 1999) have information necessary for the analysis and evaluation of a secure network infrastructure for e-commerce strategies. Implementation systems gathered are: SANS institute publication on “Building a secure internet data centre network infrastructure” process, That is, the following different modules; “Management and Back-end operations module”, “Hosting services module” and “ISP Connectivity module”, Wave secure data group: Information Security Approach . These have been evaluated and the most appropriate selected, that is the SANS institute IDC modular approach. There are features necessary for implementation of a secure network. These are available in E-Commerce technologies article described by Mark Merkow and SANS institute’s publication. Some of the features have been identified as Routers, Firewalls, Intrusion Detection Systems (IDSs), Vunerability Assessment Tools (Scanners, etc.). Their functionalities are also described in the articles. Analysis will be based on their functions based on the requirements of the network infrastructure (Merkow, 1999 and SANS Institute, 2002). Noonan’s “Hardening Network Infrastructure” (2004) has important information on hardening network infrastructure which includes some aspects of network perimeter. It describes different modules and implementation methods. There are DMZ implementation methods described, VPN/remote access module, Internet access module, extranet access module, WAN access module, e-commerce access module and wireless access module all explained. These offer a variety of modules and implementation methods to be evaluated and to choose from for hardening of the infrastructure (Noonan, 2004). The description is based on cisco network security. C. Determination of the benefits of e-commerce and the use of internet on business The benefits have been determined and information was obtained from: Jamy Wilson’s “Benefits of E-Commerce Web Development For Your Online Business” which describes just the benefits. Stone and Jacobs’ “Successful direct marketing methods” (2001) and Tassabehji’s “Applying e-commerce in business” (2003).Have information about internet direct marketing and the benefits of e-commerce. D. Research on assumptions and constrains of the secure network infrastructure for ecommerce The assumptions and threats of the secure networks can be obtained from William Johnston’s article of infrastructure protection on “Issues for the Assured Operation of Online Infrastructure Vulnerabilities, threats and safety in Cyberspace”. Assumptions and constraints of secure network infrastructure for ecommerce can also be obtained from Noonan’s hardening network Infrastructure (Noonan, 2004). PROBLEM AREA Currently, there are no problems with the project’s progress. One of the activities was to consult the EUCS FMD Unix for assistance with the implementation process. Already, the company has registered this project as one requiring their attention and the first phase of implementation given in a report form. The firm however noted that the time required for the deployment of the network infrastructure should be flexible (can be extended) and resources should be in place before the actual start of the implementation process. The implementation module has not been established but the necessary information for analysis and selection of the appropriate module has been collected. Information about the process of implementation has also been identified. The Application Server Software and hardware required will be determined after determination of the appropriate infrastructure system and the analysis and evaluation of secure network infrastructure for ecommerce. Currently, there are no problems. KEY WORK DURING THE NEXT PERIOD In this section, the completed activities are indicated. The changes made in the number of days required for completion of the activities are because of the recommendations made by the EUCS FMD Unix consultants. Task  Responsibility  Estimated time in day Literature Search Research from academic publications, internet, textbooks etc. This is complete Collecting information Researching on the various secure network infrastructure for ecommerce strategies complete Analysing the collected information Analysing and evaluating the collected secure network infrastructure for ecommerce strategies Half way complete (1 days) Evaluation of the benefits of the new system Evaluating the benefits of the secure network infrastructure for ecommerce strategies complete Determine the assumptions and constrains of the system Evaluating the benefits of the secure network infrastructure for ecommerce strategies complete Initial Report Produce initial report 1days Interim Report Produce the Research finding reports 6days Design and implementation of the new system. Evaluating the benefits of the secure network infrastructure for ecommerce strategies 14days Final Report Produce final Report 5days TOTAL= 27 Days References Cazemier, J. A, Overbeek, P. L. and Peters, M. L. C., 1999, Security Management. 10th Ed., New York, US: The Stationery Office. Georgia Technology Authority, (GTA), 2008, Web and E-Commerce Security. Merkow, M., 1999, E-Commerce Security Technologies. Retrieved on 14th Nov, 2009 from: http://www.ecommerce-guide.com/news/trends/article.php/7761_253601 Noonan, W. J., 2004, Hardening Network Infrastructure, New York, US: McGraw-Hill Professional. SANS Institute, 2002, Building a Secure Internet Data Centre Network Infrastructure. Retrieved 13th Nov, 2009 from: http://www.sans.org/reading_room/whitepapers/modeling/building_a_secure_internet_data_center_network_infrastructure_73 Stone, B and Jacobs, R., 2001, Successful direct marketing methods. 7th Ed. New York, US McGraw-Hill Professional. Tassabehji, R., 2003, Applying e-commerce in business. England, UK: SAGE. Tipton, H. F. and Krause, M, 2007, Information Security Management Handbook, 6th Ed. Boston, Massachusetts: CRC Press. Wave Secure Data Group (WSDG), 2009, Information Security Approach, The Business of IT Solutions, Retrieved on 14th Nov, 2009 from: www.wave-sdg.com Wilson, J., 2009, Benefits of E-Commerce Web Development For Your Online Business http://ezinearticles.com/?Benefits-of-E-Commerce-Web-Development-For-Your-Online-Business&id=2746948 Window Security, 2002, E-Commerce Security Technologies: Fire Wall. Retrieved on 13th Nov, 2009 from: http://www.windowsecurity.com/whitepapers/ECommerce_Security_Technologies_Fire_Wall.html Read More