The Information Security Management System - Conceptual Mapping - Coursework Example

The Information Security Management System: Conceptual Mapping Name Institution Introduction Organization information is regarded as one of the most crucial data in any business organizations. However, with the advancement in technology, this corporate information has been under threat from a different computer attacker. Most companies have designed ways in ensuring cyber security. Information security is the term used to refer to the policies, collection tools, security concepts, information risks management approaches and guidelines that are set in order to secure the information of a business organization. In addition, companies and private individuals have developed ways in which they can implement best practices that can improve the information security in their business organizations (Becerra-Fernandez & Sabherwal, 2010). These practices involve designing knowledge management systems that will ensure that corporate data is handled with care and managed properly in order to prevent the breach of information security. According to Julisch (2013), there are different security threats to information in a business organization. Therefore, much of the way in protecting company information has relied on the established of a knowledge management system that will preserve the quality of company information and protect it from external hacker and fraud. Information security management systems are aimed at ensuring that information on the company is protected (Jennex, 2011). In fact, the information security management system aims to protect the confidentiality, information integrity and availability of corporate information to the authorized individuals (Dexter, 2002). This paper will evaluate the components of an effective knowledge management system in a business organization to ensure information integrity, confidentiality and availability. Overview of Information Security and Computer Crimes The development of a knowledge management system for information security is dependent on the understanding of different ways in which computer crimes are committed. This helps in the incorporation of a suitable element in the information management system. These information and computer crimes enable people to access codes, passwords of the information system, encryption codes and password cracking for vital corporate data. In managing the knowledge management system for information system, these computer crimes should be addressed fully. Social engineering This is where a hacker tricks an employee of a company into revealing the security codes in order to access company information. The knowledge management system should ensure that it focuses on policies that would prevent social engineering g practices in the company. Through social engineering, vital corporate information is leaked to third parties who use it against the company (Dexter, 2002). In addition, the information can be manipulated or modified such that it becomes useless for company use. Scanners These are individuals who are able to use scanning systems in the vulnerable computer operating system in order to access information on a company. These scanners are able to reveal service ports in the company. The scanners are able to scan through corporate information and gather vital information that can be used to attack the company. In addition, the information can be used by competitors to their advantages (Dexter, 2002). Password Cracker This is where an individual is able to crack the password to an information system in order to gain access to corporate information. Different approach is used in cracking the codes. Additionally, the computer crimes and illegal access to company information have different t ways of destroying the quality and integrity of information in a company (Bloomberg BusinessWeek, 2012). Knowledge Management System in Information Security The knowledge management system would include a set of policies and practices that will ensure protection of corporate information. In order to manage the information of the company, the knowledge management system has the following policies and protocols. There are two ways in which are crucial in ensuring proper management of corporate knowledge (Kruger & Kearney, 2006). Policy of the Knowledge Management System Although different policies and regulation have been developed and implemented, information insecurity continues to be a threat to most organizations. This is due to poor management policies in corporate information (Demergis, 2013). The development and implementation of computer protection and management policies is crucial for information defence. This is because policies ensure sound management of company knowledge and documents. In order to ensure information security, there is the need to analyse the ways in which organization information is used by employees on how the knowledge information management system functions. The knowledge information system in information security should cover the following areas (Jennex, 2011). (i) A password management system In controlling access to information systems, the knowledge management system should state policies that are in policy in order to ensure proper management of access password and computer passwords. The management system should be able to stipulate the limitations in accounts administration of company information in regard to operating systems, servers and computer system applications. The information management system should include the following procedure in establishing a password management policy (Bloomberg BusinessWeek, 2012). (a) The procedure that is involved in managing passwords and procedure for protecting files and administration accounts in the company. (b) The information system in the company should be able to generate passwords in a random manner so that each individual is able to have his or her own password. This makes it possible to establish the people who access company information without authorization. (c) Length of password life (d) Strength of passwords (e) Expiry date of passwords (ii) Ant-virus The knowledge management system in information security should be able to identify vulnerable areas in information systems. Antivirus is used especially when the company systems are connected to the outside world through the internet, community and other devices. This means that the company should employ an effective anti-virus policy in the company to be incorporated in the information management system (Solms & Niekerk, 2013). (iii) Proprietary Information There is information that the company does not want exposed to the external world and some employees in the company. This information includes product designs, strategic human resource planning information, financial accounting and financial forecasting data, and staff medical records. The company knowledge management system in securing company information should include a policy that ensures a proper management process of sensitive information. The incorporation of the password management, proprietary information and antivirus policies in the organization knowledge management system for information security is helpful in ensuring sound information practices in the organization. Technology There are a number of information technologies that can be incorporated into the knowledge information system in order to ensure information security. This information technology offers insurance against the unauthorized access, loss of company data, modification of data without authorization and attacks (Treek, 2003). The interplay between policy and technology is crucial in ensuring information security. Perimeter defence systems are the defence mechanism that is incorporated in a management system in order to detect unauthorized access into information systems. These mechanisms are founded at the boundaries of the assets that are protected, whether it is a network, host tied to a network or a machine such as computers. Such mechanisms include firewalls, virtual private networks, and intrusion detection systems. In most cases, such mechanisms are in the form of hardware, software or a combination of software and hardware (Dexter, 2002). Perimeter defence technologies make use of standard based technologies such as Internet Protocol Security (IPsec). This is a standard for encryption, authentication, and internet tunnelling. This means that the information security system should include firewalls, encryptions and intrusion detection systems. Firewalls are able to block the internet users from access the corporate information without identification. This implies that there is not communication between the company and private users. There are also intrusion detection mechanisms that are able to detect any unauthorized access of information. These systems are able to keep a record on networks levels and host information (Jennex, 2011). On the other hand, virtual private networks provide information security from cyber criminals. The virtual private networks are able to encrypt the sources and destination addresses so that they are not exposed to the internet. There are also ways in which persons in a communication network are able to share information in a secure mode. Therefore, companies should design their knowledge management system for information security through the guidelines in policy making and use of different technologies in order to protect the company data (Fernandez & Fernandez, 2005). Conclusion Business organization strives to secure information system from unauthorized individuals. There are different knowledge management systems that can be used in ensuring that proper measures are inn policy to protect company information and ensure a working information system. In addition, companies and private individuals have developed ways in which they can implement best practices that can improve the information security in their business organizations. These practices involve designing knowledge management systems that will ensure that corporate data is handled with care and managed properly in order to prevent the breach of information security. There are different ways in which company information security can be compromised. These include password crackers, scanners, and social engineering which enables private individual to access company data. A mechanism that is included in information management systems include firewalls, encryption codes, virtual private networks and intrusion detection systems that are able to protect the data from external access. Therefore, in ensuring quality knowledge management systems these considerations should be implemented. References Becerra-Fernandez, I., & Sabherwal, R. (2010). Knowledge Management: Systems and Processes. New York: M.E. Sharpe. Bloomberg BusinessWeek. (2012). Cyber Crime and Information Warfare: A 30-Year History. Bloomberg BusinessWeek. Retrieved from: http://images.businessweek.com/ss/10/10/1014_cyber_attacks/8.htm Demergis, J. (2013). Proceedings of the 9th European Conference on Information Warfare and Security. London: Academic Conferences Limited. Dexter, H. (2002). The cyber security management systems: A conceptual mapping. Retrieved from http://www.sans.org/reading_room/whitepapers/basics/cyber-security-management-system-conceptual-mapping_591 Fernandez, J., & Fernandez, A. (2005). SCADA systems: Vulnerabilities and remediation. Journal of Computing Sciences in Colleges, 20(4), 160– 168. Jennex, M. (2011). Crisis Response and Management and Emerging Information Systems: Critical Applications. Hershey: Idea Group Inc. Julisch, K. (2013). Understanding and overcoming cyber security anti-patterns. Computer Networks, 57 (3), 2206–2211. Kruger, H., & Kearney, W. (2006). A prototype for assessing information security Awareness. Computer and security, 26(2), 289-296. Solms, R., & Niekerk, J. (2013). From information security to cyber security. Computers and Security, 1(2), 1-6. Treek, D. (2003). An integral framework for information systems security management. Computer and security, 22(4), 337-366. Read More