StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information and Communication Technology Management and Information Security - Assignment Example

Cite this document
Summary
This paper "Information and Communication Technology Management and Information Security" examines different categories that can be used for sensitive information answering the question of when designing a system, how does one determine how many categories are necessary…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.5% of users find it useful

Extract of sample "Information and Communication Technology Management and Information Security"

1. Different categories that can be used for sensitive information. When designing a system, how do you determine how many categories are necessary. Are there downsides to systems with too many or too few categories? The control of the access of knowledge and information which may lead to a disadvantage or even the level of its security incase it is disclosed to other people who are not trustworthy or who have very undesired intentions is called information sensitivity. It should be noted that unauthorized access to the sensitive information cause very adverse effects to an individual, institution, company or organization. For the safety of sensitive information, it is important for the information to be classified into categories. This is whereby information is either classified or unclassified. The classified is assigned levels namely the tope secret, the secret and confidential. The information that is not given any of the above labels is called the unclassified information (Kroenke, 2008). The information that it termed as declassified has all of it classification removed while the information that is labeled downgraded is the information that is definitely and automatically assigned a very low class but it is classified. The three labels for the classified information are as follows; secret refers to the information the need substantial protection and it should be noted that unauthorized access to such information could lead to damage of the national security. Confidential label entails the information that requires protection and it should be noted that unauthorized access would lead to security compromise. The top-secret label refers to the information that demands a high level of protection. When designing a system the determination of the number of categories needed for the information security depends on the type of information that is in the organization as well as the purpose of the organization or institution. The relevance of the information to the national security is also a factor to be considered (Kroenke, 2008). The downside of having many categories is that some vital information my not be easily accessed to some relevant people easily incase of an urgent call for action and few categories too could not guarantees the security of the information. 2. A scenario where the Brewer-Nash model as the best security architecture. Give reasons why this would be the best and discuss if other models would be suitable The specific scheme that is used for the purpose of security specification as well as enforcement of policies for a computer is what is referred to as security model. This is dependent on the computation models, right to access; distributed computing but also it can be based on no particular theoretical ground. The Brewer-Nash model was created for the purposes of providing a system with one of the best means of accessing information in the system under very tight security but mostly for the information that is bound to change dynamically (Marite, 2002). It was also meant for the purpose of ensuring conflicts as a result of self interest is avoided and mostly in the organizations that are of commercial value or function. In this case, this is a model, which will be perfect for an organization whereby the flow of information in the organization among the subjects and between them will creates no conflict. This is whereby the information among and between the employees as well as employees will create no conflict due to self-interest. The best scenario for such a model is a business organization. This is whereby the business organization needs to make a distinction barrier in the organization to isolate the persons and separate them to define the decision maker. This is whereby the firm will need to create information security such that no single person no matter their position in the firm will act out of self-interest hence compromising the position of the organization of firm. Most of the other models are not as efficient as this model because they do not have a very clear cut of who should act on which information or who should gain access to which information hence the model ensures that in the organization there is both integrity as well as privacy for the data (Marite, 2002). It is the only model that will allow for access controls that are dynamically changing hence no conflict of interest. 3. A list of information security metrics that could be collected for a small internet commerce company with ten employees. The company uses an outside vendor for packaging and distribution. To whom should the metrics be reported? A security information metrics refers to the process of mathematically applying standards for ensuring security of information. This particular company entails an outsider as a vendor and he takes responsibility in packaging and distribution of the products. The best person to report the security metrics to is definitely h information and management officer who handles issues of information in the company. The following is a list of the possible metrics that can be used (Kenneth & Jane, 2010): Confidentiality: This is whereby information must only be released to the authorized party. This will apply especially where the company will be involved in internet business suing credit cards. Integrity: This means that the information system should have a system that cannot be modified undetectively. Any modifications made in the system must be easily detected through a message alert Availability: this is whereby the needed information must be available when need be, meaning all the systems for controlling, storing and securing that information should have security controls to protect it. Authenticity: This is whereby in e- business data and information being exchanged, transacted, documented or communicated must be genuine. Both parties involved in the transaction must be validated and proved genuine. Password strength: This where all the inefficient, bad or weak passwords are identified and changed. Non-repudiation: This is whereby one part within the business transaction cannot be able to deny having received the transaction or the other party denies having sent the transaction. This is very important for the electronic commerce. Legitimate traffic of the email analysis: This involves the process of tracking all out coming and incoming traffic size, volume and flow of data and information among and between companies involved in business transaction. The company will be bale to map the information between the suppliers hence it will be in a position put in place excellent methods of tracing all the junk emails and the good emails the company is receiving. 4. Threats to the information security of a small internet commerce company with ten employees. This company uses an outside vendor for its order fulfillment. Once the list of threats has been generated, assign a likelihood score to each threat. This company being an internet commerce related company and with ten employees as well as a vendor who is an outside. The system can be easily logged into, monitored, tracked or stores in different locations (Beynon-Davies, 2009). This means that there are a number of threats that are expected in the company which are as follows: The negligence by the management whereby it may undermine the need for installing good security in the information system The possibility of having weak points in the organization’s information system - this is because the employees can get a chance of creating alternative passwords or the backdoors password which they can later use when they leave the company or used the employees in the company to gain access to vital information or even carryout transaction Formers employees may retain the passwords for the organization hence can have a chance to gain access to the system Stolen password can be easily used by unauthorized users to gain aces to the internet and carryout transactions Threat Score Stolen passwords 10% Password retained by formed employees 50% Weak points in the information security system 40% negligence by the management 70% 5. Research the Microsoft risk management approach and write a report describing each of the four phases in the security risk management process. Risk assessment: This is the process whereby the risks are identified. Then priorities are set, data gathered and finally plans are laid done by preparing the guides to be used. Then risk data is gathered and the question here is in outlining the processes of data analysis and collection (Olegas, 2005). Finally the risk prioritized by outlining descriptive steps to quantify and qualify those risks. Basing support on decisions conducted: This involves the use of a cost reduction process in the evaluation and identification of solutions that will lead to reduction of business risks. Control implementation: This involves incorporating different other people, process for solutions and technologies as one of the main wholesome or all rounded way for implementing the approach for best results. Measuring the programs effectiveness: This stage, a scorecard is developed and it enables the system to understand the risks to be able to measure the effectiveness of the program. This will also entail the process of evaluation to check out all the available opportunities to improve to ensure the success of the approach (Olegas, 2005). A list of questions or concerns I have with the described approach. a) What is the level of security guaranteed by the system? b) Can the approach be used for the rest of the company’s life bearing in mind that technology is changing and there is a possibility of is being incompetent? c) What are some of the indicators that can be used to show success in the approach? d) What are the key indicators that the approach is sustainable? 6. Discuss the difficulty in estimating the probability of a threat or attack occurring. Describe methods that can be used to make these estimates. The achievement of information security is hindered by difficulties, which are experienced in the process of risk estimation. An effective information system should be tailored in such a way that it creates value, considers the account of the human effort, address all the uncertainties and assumptions. Be set up with regard to the best available piece of information, be dynamic, iterative, responsive and must be in such a ay that it can be improved or enhanced when need be (Aviason & Guy, 2006). The following are the main factors that hinders the process of risk estimations Incase the company does no have standard to be observed with reference to ensuring security of the information system When the system fails to meet the media criteria When the system lacks collaboration and coordination between and among credible sources When the approach does not leave a room for public participation who are very helpful in recognizing the possible risks for the company When the company doesn’t not provide a channel for receiving anonymous risk reports When the system lacks a live maintenance of the project database especially for the purposes of risk identification with these attribute; importance. Probability, Short description, open date and title If the system lacks an organized management of the risks as far as the projects are concerned. This is mainly when the plans lacks budget, activity, management risks and responsibility References Aviason, D., & Guy, F. (2006). Information systems development: methodologies, techniques and tools. Toronto: McGraw-Hill. Beynon-Davies, P. (2009). Business Information Systems. Palgrave: Basingstoke. Kenneth, C., & Jane, P. (2010). Management information system. Ontario: Pearson prentice hall Kroenke, D. (2008). Experiencing MIS. Upper Saddle River, NJ: Prentice-Hall Marite, K. (2002). Information systems development: advances in methodologies, components, and management. Oxford: Oxford University Press. Olegas, V. (2005). Information systems development: advances in theory, practice, and education. London: Spring. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information and Communication Technology Management and Information Assignment, n.d.)
Information and Communication Technology Management and Information Assignment. https://studentshare.org/information-technology/2059340-itc358-ict-management-and-information-security-assignment-2
(Information and Communication Technology Management and Information Assignment)
Information and Communication Technology Management and Information Assignment. https://studentshare.org/information-technology/2059340-itc358-ict-management-and-information-security-assignment-2.
“Information and Communication Technology Management and Information Assignment”. https://studentshare.org/information-technology/2059340-itc358-ict-management-and-information-security-assignment-2.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information and Communication Technology Management and Information Security

Information Security Management Issues

11 Pages (2750 words) Essay

Information and Communication Technology

Marketing Table of Contents Introduction 3 information and communication technology (ICT) Policies 4 Promotion of ICT Policies 5 Benefits of the promotion of the ICT policies 7 Implementation of the Government ministries and Institutions 8 Conclusion 10 Works Cited 11 Name of the Student: Name of the Professor: Course Number: Date of the Paper: information and communication technology (ICT) Introduction Information and communication are regarded as the integral part of human society....
7 Pages (1750 words) Research Paper

The Communication Technology Effect in Business

 This research paper explores the modern technologies in relation to communication technology and how they have made business sector to prosper.... nbsp;… Globalization has turned the world to a global market thus communication technology does not only help in ordinary business communication but is a critical ingredient in conducting faster transactions, marketing, and management of resources in the modern business environment.... nbsp;  Incidentals of Authorization and Submittal This study of communication technology effects in business is submitted to Mr....
7 Pages (1750 words) Research Paper

Information securtiy

First part deals with a general discussion about information security.... An introduction is given as to what information security… Then, the importance of designing an information security policy has been discussed.... information security in different fields has been considered.... Legislatures like Canadian Law and HIPAA have been Some lines have dedicated to explain the ISO/IEC 17799:2005 standard of information security policy....
12 Pages (3000 words) Essay

Communication for Management

The first is the legal and ethical framework relating to the collection, use, and storage of sensitive data and information.... Ethical arguments for storing information require that concerned parties store data securely.... The UK has an established Data Protection Act of 1998, which categorizes some information as sensitive.... nbsp;Having such ideas in mind classifies information about suppliers as critical and sensitive because of the competitive nature of the corporate environment....
4 Pages (1000 words) Essay

Information Security Management in the USA

The basic issue in the paper “information security Management in the USA”, which the author has chosen for discussion is information hacking.... Thus, an organized collection of procedures, people and information technology (IT) structure that protects decisive systems and information, and secure them from inside as well as outside intimidations is known as information security management (ISM) (Sipior & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
10 Pages (2500 words) Dissertation

The Communication Technology Effect in Business

This paper explores the modern technologies in relation to communication technology and how they have made the business sector to prosper.... The methodology used in this investigation was observational and analysis of the literal information and statistics available from research articles, peer-reviewed journals, books, periodicals, and the internet on the effect of communication technology in business.... In the following pages the research finding and analysis show how advancement in communication technology is critical for modern business activities....
7 Pages (1750 words) Research Paper

Information Security in Global Communication Enterprises

The paper "information security in Global Communication Enterprises" presents contextual research findings on the threats and risks that can affect the Smartphone of GCE's CEO.... It is the mandate of the information security Manager of the enterprise to research the issue and report to the CEO for the implementation of security measures.... As the device is undergoing its last tests, the technical specifications and information behind the creation of the device remain a myth to enterprise employees and many people around the world....
12 Pages (3000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us