Information and Communication Technology Management and Information Security - Assignment Example

ICT MANAGEMENT AND INFORMATİON SECURİTY ICT Management and Information Security Author Author Affiliation Date Question 1 A report on one of the knowledge areas: The Project Management Body of Knowledge (PMBOK) consists of a set of procedures and various knowledge areas normally acknowledged as most excellent practice inside the project management control. Additionally, as a globally recognized standard (IEEE Std 1490-2003) it offers the basics of project management, irrespective of the kind of project such as how it is structured, engineering, software, automotive etc. In this scnario, PMBOK offers 5 fundamental procedures along with 9 knowledge different knowledge areas usually for almost all kinds of project. In addition, the fundamental ideas are appropriate to projects, plans and operations. The five fundamental procedure groups are: (Haughey, 2011) Initiating Planning Executing Monitoring and Controlling Closing In case of PMBOK we have nine knowledge areas those are outlined below: (Haughey, 2011) Project Integration Management Project Scope Management Project Time Management Project Cost Management Project Quality Management Project Human Resource Management Project Communications Management Project Risk Management Project Procurement Management Project Scope Management Plan This section discusses one of the knowledge management areas. For this purpose I have chosen project scope management plan. The project scope management plan directs explicitly to the input/output system that composed of a formal document that is employed for carrying out the functions of detailing precisely how the project scope will be described, what outlines will be assumed to build up the project scope, how the project scope will eventually be established, as well as precisely how some and the entire mechanisms of the work breakdown structure will be eventually formulated and defined. Additionally, the project scope management plan is also used to demenostrate information as well as help in determining accurately how the really scope of the project will eventually be controlled in the management procedures by the project management team and/or the project management team manager. In this scnario, the real project scope management plan, as demnostrated by majority project management parts, could be an extremely officially written document, or it could be a great deal more casually written document. However, the specific level of the document could vary wildly, relying on precisely what the requirements of the project dictate (Project Management Knowledge, 2011), (Nutek, Inc., 2011) and (project-management-knowledge, 2011). Question 2 (Some ways to understand enemy) The development team is updated all through the investigation stage of the project that establishes a beginning analysis of existing security policies or plans alongside by means of documented threats as well as linked controls. Addtionally, the analysis stage as well comprises an analysis of applicable legal issues that could influence the design of the safety solution. In addition, the analysis phase includes risk management task that as well starts in this stage (Joshi, 2010). In this scnario, risk management is the procedure of recognizing, assessing, and appraising the levels of risk affecting the business, particularly the threats to the organization’s safety as well as to the information stored as well as processed by the business (Joshi, 2010). The SecSDLC procedure engages the recognition of exact threats as well as the risks that they signify, and the following design and implementation of exact controls to counter those fears and help the organization manage those risks. Additionally, the analysis phase also encompasses the exploration in the SecSDLC, which is carried out by a threat agent that harms or steals an organization’s physical or information asset. In this scnario, the vulnerability is recognition of weakness of a controlled system in which required controls do not exist or are no longer efficient (Joshi, 2010). Some of the widespread attacks that can be identified in the analysis phase are: (Joshi, 2010) Malicious code. Hoaxes . Back doors. Password crack. Brute force. Dictionary. Denial-of-service (DoS) and distributed denial-of-service (DDoS). Spoofing Man-in-the-middle Spam Mail bombing. Sniffer Social engineering Buffer overflow Timing Moreover, the final step in analysis stage of the SecSDLC lifecycle is about knowing who is the enemy. It requires discovering a number of techniques of prioritizing the risk posed by every group of threat and its connected techniques of attack. In addition, it could be carried out by adopting threat levels from an obtainable study of threats, or by formulating our own classification of threats for our environment foundational upon the situation of analyses. Moreover, in an attempt to manage risk, project managers must be aware of the value of their information assets. Additionally, this iterative procedure has to comprise a classification as well as categorization of the entire elements of an organization’s arrangements like that procedures, people, information, software, data, hardware as well as networking fundamentals. The subsequent challenge in the analysis stage is to give importance to every information asset for every threat it faces as well as generate a list of the vulnerabilities (Joshi, 2010). Question 3 Example of a disaster recovery plan: A disaster recovery plan (DRP) is frequently recognized as a business process contingency plan (BPCP) or business continuity plan (or BCP), which is aimed at explaining how a company could be able to implement possible disasters managements strategy. Additionally, a disaster is an occasion that makes the continuance of standard functions not possible, a disaster recovery plan composed of the protection formulated as a result that influences a disaster will be reduced as well as the business will be capable to either uphold or rapidly start again mission-critical purposes. Normally, disaster recovery planning engages an analysis of business procedures as well as continuity requirements; it can as well comprise a major focus on disaster prevention (TechTarget, 2008). Additionally, the main purpose of disaster recovery planning is to defend the organization in the occasion that the entire or fraction of business or its processes and/or computer services are provided unusable. In this scenario, attentiveness is the main aspect of this strategy for the business continuity management. Additionally, the planning procedure should reduce the disturbance of operations as well as makes sure a number of level of corporate constancy and an arranged recovery later than a disaster. Other aims and objectives of disaster recovery planning are outlined below: (Wold, 2011) and (Roos, 2011) Reducing risk of delays Offering a sense of security Offering a standard for testing the plan Reducing decision-making all through the process of a disaster Assurance the reliability of reserve systems Moreover, suitable plans differ from one business to another, relying on variables like that the kind of company, the procedures comprise, and the intensity of security required. In this scenario, the disaster recovery planning can also be built inside a business or purchased as a software system or a corporate operations management service. In addition, it is not strange for a business to spend 25 percent of its information technology resources on disaster recovery. However, the compromise inside the disaster recovery business is that the majority companies are yet ill-prepared for a disaster (TechTarget, 2008). Question 4 Wxample of an enterprise information security policy. In this section I will present a enterprise information security policy for a business. For this purpose, I have chosen the business information security policy of the Kennesaw State University technology. This poicly enables the Kennesaw State University to offer minimum information for security application for resources, devices, and associated communication. This strategy is planned to offer a way University security works to make sure the integrity, confidentiality as well as availability of campus information (kennesaw State University, 2010). In fact, the information security is described as the defense of information as well as its important elements, comprising the systems and hardware that store, utilize or process, and broadcast that information. In this scnario, Kennesaw State University’s information safety model is based on accepted federal strategy as well as composed of technical education, measures and awareness, identity management and policies and procedures. Additionally, these protection along with a lot of others, perform jointly to make sure data privacy, availability as well as integrity at Kennesaw State University (kennesaw State University, 2010). In addition, University data and information assets are at risk from possible threats like that malicious or criminal act, employee error, system breakdown and natural disasters. In the same way, similar circumstances could cause harm to information resources, loss or corruption of data integrity, or the compromise of data and information privacy. In this scnario, the university information security headquarters looks for to proactively diminish the risks to electronic data and information resources in the course of application of controls to determine and stop errors previous to they happen. Moreover, the detrimental access to the Kennesaw State University enterprise information and data network uses some interference, from either an inner or outside entity, that makes some circumstances whereby verification and access control methods to avoid the privacy or integrity of information resources or provide them engaged (kennesaw State University, 2010). Question 5 Identify recent information security breaches: Accoording to various breaches surveys, the information technology has sustained to develop fast in the course of large level utilization of virtualization, cloud computing and social networks. In this scenario, the organizations both in public as well as private sector have performed extra work to recognize the risks they having, by means of 82 percent of big ones as well as 75 percent of smaller ones assessing information security dangers at the present, compared to 48 percent who did so in 2008 (Condon, 2010). In addition, the public sector corporation that owns the Nasdaq Stock Market in 2010 sated that its servers had been breached. Additionally, through normal security monitoring systems corporation detected suspicious records on the U.S. servers not linked to corporate trading systems as well as assessed that company web facing application Directors Desk was possiblly influenced (Schwartz, 2011). Furthermore, in 2011 United States Attorney Paul J. Fishman announced the arrest of "two self-sated Internet 'trolls'" for their participation in harvesting of e-mail addresses from 120,000 Apple iPad clients in June, 2010 (Claburn, 2011). References Claburn, T. (2011, January 09). Two Arrested For AT&T iPad Network Breach. Retrieved August 18, 2011, from http://www.informationweek.com/news/storage/security/229000863 Condon, R. (2010, April 28). Information Security Breaches Survey: Attacks hit new high. Retrieved August 18, 2011, from TechTarget.com: http://searchsecurity.techtarget.co.uk/news/1511048/Information-Security-Breaches-Survey-Attacks-hit-new-high Haughey, D. (2011). The Project Management Body of Knowledge (PMBOK). Retrieved August 16, 2011, from Project Smart: http://www.projectsmart.co.uk/pmbok.html Joshi, J. B. (2010). Planning for Security. Retrieved August 15, 2011, from www.sis.pitt.edu/~jjoshi/IS2820/Spring06/chapter02.doc kennesaw State University. (2010). Enterprise Information Security Policy. Retrieved August 17, 2011, from http://its.kennesaw.edu/infosec/docstore/policy/eisp.pdf Nutek, Inc. (2011). Project Management Body of Knowledge (PMBOK). Retrieved August 16, 2011, from http://nutek-us.com/PMBOK_Slides.pdf Project Management Knowledge. (2011). Project Scope Management Plan. Retrieved August 17, 2011, from http://project-management-knowledge.com/definitions/p/project-scope-management-plan/ project-management-knowledge. (2011). Project Management Knowledge Area. Retrieved August 17, 2011, from http://project-management-knowledge.com/definitions/p/project-management-knowledge-area/ Roos, D. (2011). How Disaster Recovery Plans Work. Retrieved August 17, 2011, from http://communication.howstuffworks.com/how-disaster-recovery-plans-work.htm Schwartz, M. J. (2011, February 07). Nasdaq Confirms Servers Breached . Retrieved August 16, 2011, from http://www.informationweek.com/news/security/attacks/229201276http://www.informationweek.com/news/security/attacks/229201276 TechTarget. (2008, March). disaster recovery plan (DRP). Retrieved August 16, 2011, from http://searchenterprisewan.techtarget.com/definition/disaster-recovery-plan Wold, G. H. (2011). Geoffrey H. Wold. Retrieved August 17, 2011, from http://www.drj.com/new2dr/w2_002.htm Read More