Information Security: Principles and Practice - Assignment Example

Summary
As the paper "Information Security: Principles and Practice" outlines, the Project Management Body of Knowledge is an amalgamation of processes and knowledge areas. Project management comprises two broad sections, namely the project management processes and the project management knowledge areas…


Question 1

PMBOK is an amalgamation of processes and knowledge areas. According to PMBOK (2000), project management comprises two broad sections, namely the project management processes and the project management knowledge areas. The focus here is on one sub-category of the knowledge areas, project scope management. Project scope management is the task of ensuring that the project includes all the work required, and only the work required, to complete it. Several vital activities must be observed and executed in managing project scope; their purpose is a successful project, delivered to the required standard, with the required deliverables in hand at the end of the task. These activities cover the following stages of project scoping:

1) Initiation: starting the project, either by studying the existing project(s) or by forming a completely new project. This must be accompanied by a proposal that describes exhaustively the rationale behind the idea and the viability and feasibility of the intended project.

2) Scope planning: in most cases, defining the project deliverables at each stage of project development and defining the boundaries within which the entire project is confined. The scope plan must take into account the anticipated deliverables, the project constraints, the contract documents and the assumptions of the entire project.

3) Scope definition: one of the most vital activities, since it sets the boundaries of the project. A project must have explicitly defined requirements, clearly written down in a requirements document that serves as a guide.

4) Scope verification: formal acceptance of the completed deliverables by the stakeholders, confirming that what was produced matches the defined scope.

5) Scope change control: facilitating a modification to the project scope if the need arises.
Question 2

During the analysis phase of the SecSDLC, dedicated teams ensure that a valid initial analysis of all security plans and agendas, together with their known threats, is produced. It is also at this phase that the legal matters affecting the design of security mechanisms are identified. The analysis stage further entails risk management, a process that identifies, assesses and critically evaluates the levels of security threat facing an organisation. Special cases among the threats, and the quality of the information stored on the organisation's servers, are also reviewed.

According to Marks (2009), knowing every kind of threat to which you are vulnerable in the IT world is significant in establishing a security policy. In IT, threats range over all the objects, entities and persons that deliberately or unintentionally cause harm to organisational resources, including unauthorised program code embedded in a genuine program running on a computer. Common attacks in the IT sector include Trojans, hoaxes, back-door entry, password sniffing and cracking, brute-force attacks, dictionary attacks, spoofing, mail bombing and spamming. While identifying the threat agents, it is also important to list and prioritise the risk posed by each category of threat and attacker. Fortunately, one can adopt readily available threat studies and customise them to fit one's needs.

According to Das (2006), to manage risk effectively you must first identify and assess the information assets. In essence, each asset must be classified and categorised under elements such as systems, procedures, data, people and information.
The next undertaking is to evaluate the relative risk of each asset by conducting a risk assessment that assigns a proportional risk score to each specific information asset.

Question 3

The Business Continuity Journal (2007) gives an example of a data recovery plan that serves as guidance for the steps taken to retrieve lost data. It is a common plan, depicted as a series of steps in a flow chart. Generally, the first element of the plan is an assessment of both the monetary value and the significance of data as an asset of the organisation. To achieve this, one assembles and classifies the information assets into categories of importance and then ascribes a monetary cost to each category, so that in the event of a disaster the loss can be stated in monetary terms. This identifies the magnitude of a disaster and supplies the figures needed to budget for a backup solution for the company. The second element is weighing up and consulting an expert who can offer professional data recovery steps. This is accomplished by getting in touch with an IT expert dedicated to data backup and disaster recovery for assistance and advice on disaster recovery planning; the budget for the backup plan can be discussed with the same expert. The last element of note is drawing up policy guidelines for the disaster recovery plan: one must establish procedures that all workers will follow as regards the company's data, and then communicate the whole plan to the stakeholders. However, the plan is incomplete, since it omits several important matters. It should have incorporated the globally recognised standards for the IT DR process, and it should include testing of the plan, through both pre-arranged and unannounced exercises, to confirm that the plan actually works.
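The risk assessment described in Question 2 (classify the assets, then assign each a proportional risk score and prioritise) and the first element of the DR plan in Question 3 (ascribe a monetary value to each category so a loss can be stated in money) are two views of the same asset inventory. The following added example, written for this page and not taken from the essay or any of its references, puts both on one constructed inventory: a qualitative likelihood × impact score for ranking, a quantitative annual loss expectancy (single loss expectancy × annual rate of occurrence, the standard ALE model) for the same pairs, and a worst-case loss per category for the DR budget. Every asset, value and threat figure is invented for illustration.

```python
"""Added example (not from the essay): scoring and prioritising information
assets for the SecSDLC risk assessment, and valuing them for the DR plan.
All asset names, values and threat figures below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int         # 1 (rare) .. 5 (almost certain)
    impact: int             # 1 (negligible) .. 5 (severe)
    exposure_factor: float  # fraction of the asset's value lost per incident
    annual_rate: float      # expected incidents per year (ARO)


@dataclass(frozen=True)
class Asset:
    name: str
    category: str           # systems, procedures, data, people or information
    value: float            # monetary value ascribed during classification
    threats: Tuple[Threat, ...]


def risk_score(threat: Threat) -> int:
    """Qualitative score: likelihood x impact, 1..25, used to rank threats."""
    return threat.likelihood * threat.impact


def annual_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """Quantitative score: SLE (value x exposure factor) x ARO, per year."""
    single_loss = asset.value * threat.exposure_factor
    return single_loss * threat.annual_rate


def prioritise(assets: Tuple[Asset, ...]) -> List[dict]:
    """One row per asset/threat pair, highest risk first; ties broken by ALE."""
    rows = [
        {
            "asset": a.name,
            "threat": t.name,
            "score": risk_score(t),
            "ale": annual_loss_expectancy(a, t),
        }
        for a in assets
        for t in a.threats
    ]
    rows.sort(key=lambda r: (-r["score"], -r["ale"]))
    return rows


def loss_by_category(assets: Tuple[Asset, ...]) -> Dict[str, float]:
    """Worst-case loss per category if everything in it is destroyed:
    the monetary figure the DR plan needs to size the backup budget."""
    totals: Dict[str, float] = {}
    for a in assets:
        totals[a.category] = totals.get(a.category, 0.0) + a.value
    return totals


# Constructed inventory for a hypothetical organisation.
INVENTORY: Tuple[Asset, ...] = (
    Asset("patient records database", "data", 500_000.0, (
        Threat("ransomware", 4, 5, 0.6, 0.5),
        Threat("insider disclosure", 2, 5, 0.3, 0.2),
    )),
    Asset("payroll server", "systems", 120_000.0, (
        Threat("hardware failure", 3, 3, 0.5, 1.0),
        Threat("brute-force login", 3, 4, 0.2, 2.0),
    )),
    Asset("backup procedure", "procedures", 20_000.0, (
        Threat("untested restore", 3, 4, 1.0, 0.5),
    )),
)


if __name__ == "__main__":
    for row in prioritise(INVENTORY):
        print(f"{row['score']:>3} {row['ale']:>10,.0f}  {row['asset']}: {row['threat']}")
    for category, total in loss_by_category(INVENTORY).items():
        print(f"{category:<12} worst-case loss {total:,.0f}")
```

With these figures ransomware against the records database ranks first (score 20, ALE 150,000), and the two score-12 threats are separated by ALE, which is why a purely qualitative score is usually paired with a monetary one before the budget is argued.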
Question 4

Harvard developed a comprehensive Enterprise Information Security Policy to protect its resources and property and the integrity, privacy and confidentiality of its information assets. The four aspects of security are identified below.

Data integrity. Integrity is the dependability of an information asset: the information is free from unauthorised modification, whether deliberate (through malicious acts) or accidental. It also means that the information comes from the correct source and has not been forged by an impostor. Data integrity further encompasses data validity, so that the data can be relied upon in decision making (Stamp 2011).

Confidentiality and privacy. Confidentiality is the process of limiting disclosure of and access to data so that it does not leak to unauthorised individuals. This may be accomplished through authentication and authorisation of every user who intends to access the data. For example, a password-protected system admits only those users who are able to authenticate themselves.

Data availability. Availability means that the information sought by users is there when they need it. A system that does not make information available to the user in time is said to have failed the test of availability. Unavailability can be caused by technical matters such as poor communication, intrusion, damage, computer breakdown and software malfunction. It can also result from incidents such as wind, water and human actions, whether accidental or deliberate.

Prevention and detection. Prevention and detection cover all three aspects: confidentiality, integrity and availability. The aim is to identify and uncover potential security threats and to prevent further damage. The controls are separated into those oriented towards prevention and those oriented towards detection; which of them apply depends on the circumstances at hand.
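Question 4 defines integrity as freedom from unauthorised modification and assurance that data came from the correct source rather than an impostor, and confidentiality as admitting only users who can authenticate. The following added example, written for this page and not drawn from the essay or from Harvard's policy, shows the two controls together: an HMAC-SHA256 tag over each record (a one-bit edit or a tag made with another key is rejected), placed behind a salted-PBKDF2 password check so the record is never released to an unauthenticated caller. The record, the user table and the keys are constructed; there is no real system behind them.

```python
"""Added example (not from the essay or Harvard's policy): an integrity tag
that detects modification and forgery, behind an authentication check that
enforces confidentiality. Keys, users and the record are constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

TAG_LEN = 32            # bytes of HMAC-SHA256 appended to every record
PBKDF2_ROUNDS = 200_000


def protect(record: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed under the shared integrity key."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def verify(blob: bytes, key: bytes) -> Optional[bytes]:
    """Return the record only if its tag was produced with this key over
    exactly these bytes; any edit, or a tag from another key, yields None."""
    if len(blob) < TAG_LEN:
        return None
    record, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return record


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash so a leaked user table does not reveal passwords."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def read_record(blob: bytes, key: bytes, users: Dict[str, Tuple[bytes, bytes]],
                username: str, password: str) -> Optional[bytes]:
    """Confidentiality first (authenticate), then integrity (verify the tag)."""
    entry = users.get(username)
    if entry is None or not check_password(password, *entry):
        return None
    return verify(blob, key)


def demo() -> Dict[str, bool]:
    """Run each scenario and report whether the control behaved as required."""
    key = secrets.token_bytes(32)
    users = {"alice": hash_password("correct horse battery staple")}
    record = b"employee=42;dob=1980-01-01;address=1 Main St"   # constructed
    blob = protect(record, key)

    tampered = bytearray(blob)
    tampered[0] ^= 0x01                                  # silent one-bit change
    forged = protect(record, secrets.token_bytes(32))    # impostor without the key

    return {
        "intact_record_accepted": read_record(
            blob, key, users, "alice", "correct horse battery staple") == record,
        "tampered_record_rejected": verify(bytes(tampered), key) is None,
        "forged_record_rejected": verify(forged, key) is None,
        "wrong_password_refused": read_record(blob, key, users, "alice", "guess") is None,
        "unknown_user_refused": read_record(blob, key, users, "mallory", "x") is None,
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:<26} {'PASS' if ok else 'FAIL'}")
```

The tag gives integrity and source authenticity only to parties holding the key; it does not hide the record, which is why the password gate sits in front of it. Availability is not addressed here at all: a correct tag on an unreachable record still fails that third test.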
Question 5

Sony, an electronics firm, AmeriHealth, a medical firm, and the Royal Bank of Scotland are the most recent victims of information security breaches in which confidential data was exposed to the public, as listed by the Open Security Foundation (2005) on its website. Chris Potter, an executive at PricewaterhouseCoopers, said that smaller enterprises suffered fewer breaches, roughly a quarter of all cases reported in 2008, while large companies accounted for the remaining three quarters in the same year. He went on to give the average cost of a security breach: £55,000 for a small firm compared with £170,000 for a large firm in 2008. Most attackers focus their attention on financial, educational and government institutions that host very sensitive data about individuals. This is evident from the Open Security Foundation listing, which at a glance shows that most attacks target schools, hospitals, government offices and banks, because these institutions hold very sensitive data about unsuspecting citizens. For example, the Open Security Foundation lists several incidents in which a hacker breaks into a database with the aim of revealing an individual's staff identity, so as to obtain the address, date of birth, names and Social Security number of an employee, together with all the biodata in hospital records, which are then used elsewhere for malicious purposes. Most small firms have weak, less protected security systems and are therefore more affected by security breaches than large firms, which have enough resources to invest in their vital security systems. Conversely, a security threat in a small firm is felt less, since the firm's significance and dependence on IT are of little consequence; in fact business continuity is often not affected, and in some instances the breach is never reported at all.

References

Business Continuity Journal. (2007). IT continuity: The IT disaster recovery plan. Retrieved September 2, from http://www.continuitycentral.com/feature0524.htm
Das, S. (2006). Risk management. New York, NY: John Wiley and Sons.
Gregory, P. (2008). IT disaster recovery planning for dummies. New York, NY: John Wiley and Sons.
Marks, D. (2009). Inside story. London: A&C Black.
Open Security Foundation. (2005). DataLossDB: Latest incidents. Retrieved September 2, 2011, from http://datalossdb.org/index/latest
Project Management Institute. (2000). A guide to the project management body of knowledge (PMBOK guide). Newtown Square, PA: Project Management Institute.
Stamp, M. (2011). Information security: Principles and practice. New York, NY: John Wiley and Sons.