StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Concept Map - Coursework Example

Summary
The paper "Information Security Concept Map" focuses on the critical analysis of the aims or purposes of information security, discussing the possible attacks on information systems, and providing an Information Security concept map to cope with the problems…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.1% of users find it useful

Extract of sample "Information Security Concept Map"

Information security concept map Name: Course: Tutor: Date: Contents Information security concept map 0 Name: 0 Course: 0 Tutor: 0 Date: 0 Contents 1 Introduction 2 Aims of information security 2 Possible attacks and counter measures 4 Data manipulation and modification 4 Data theft 4 Flooding 4 Spoofing 5 Jamming 5 Mole/Sabotage 5 Packet sniffer 5 Social engineering 6 Virus attack 6 Concept map 7 Reference 7 Introduction Information is a very valuable asset to any organization. Each organization has the responsibility of ensuring that the integrity, validity and availability of information is maintained at all times. Due to the need to ensure the achievement of the mentioned attributes, there has been need for identification of possible attacks that any information system is prone to experience. Some of the attacks and risks associated with it can be caused directly by human negligence or indirectly. This paper discusses the aims or purposes of information security. I go ahead to discuss the possible attacks on information systems. A concept map has been provided at the end of the discussion showing the idea flow of the discussions given in the paper Aims of information security Information security is a field that concerns with the protection of information and data from unauthorized access or any activity that would otherwise be harmful to the information owner (Anderson, 2001). It is about preventing loss or managing the same. Some of the losses that information security seeks to prevent include loss of reputation, loss of financial assets and valuables, loss of customer goodwill and desire for engagement among other (Bishop, 2003). In general, its purpose is to protect the information resources of any particular organization from unauthorized access or damage. Some of the major points that can be pointed out here as the main aims of practicing information security include the following: a. Availability of information resource at all times. One of the aims of information security is to ensure that the same information is available at all times when needed. Unavailability of information can be caused by damage or corruption in the same or loss due to theft. Some of the resources that aid in the information processing and transfer need also to be well secured (Denning, 1982). b. Integrity of information: Integrity of information is an important aspect that each organization aims to achieve in its data stores (Ross, Janssen, & John, 2004). Protection of information and data is done in order to ensure that the integrity of the same is kept at all times. Viruses and other malware can corrupt information and for that reason, causes them lose its integrity. Unauthorized manipulation of information or data can also cause the same to lose integrity (Gollmann, 1999) c. Information confidentiality: Information is secured from unauthorized access in order to prevent confidential information from leaking out. Exposing client confidential information can cause a lot of problems to the company and for that reason, might attract a lot of law suits which can prove very costly to the company(Kenigsberg, 2004) Possible attacks and counter measures Data manipulation and modification Modification of data without authorization could lead to denial of information when required. False information can be generated from one’s own data files, which may lead to making poor or wrong decisions based on the retrieved data (Russell, 1991). This problem can be solved by use of intrusion access control backup or by training the users on right means of data security and management. (Lambo, 2006) Data theft This is a situation where information is stolen from a computer without the knowledge of the owner. The bad side of theft is that a competitor or a criminal might get access to the information (Schneier, 2000). This problem can however be controlled by training the users, use of backup as well as use of intrusion detection access control mechanism (Anderson K. , 2006). Flooding Users who bombard systems with a lot of information such that the systems are not able to handle all of them cause flooding (Aceituno, 2005). The risk associated with this problem is that the system might not process all the information coming or going out leading to some information to be left out (Dhillon, 2007). Another problem caused by the same problem is denial of service to users. It can be solved by use of firewalls and application of redundant systems in the machines/systems. Spoofing Spoofing can also be referred to as imitation. In this case, a pretender or imitator hijacks a valid session and pretends to be a valid user. The same can also be done by stealing authentication information like User Name and Password (Allen, 2001).  This attack is very bad because it is difficult to identify a valid user form a hijacker. Solving the problem can be done by use of stricter access control mechanism, encryption and user training (Krutz & Russell, 2003). Jamming Jamming can be caused by Electromagnetic waves, which disrupt transmission signals. Jamming can cause incorrect signals to be received or on the other hand the signal is received but cannot be understood by the users (Layton, 2007). This problem can be solved by use of redundant systems or disconnection of the networks once the problem is experienced. Mole/Sabotage A trusted person can expose organizational information to a competitor, criminal or to the public. Such people might be driven by a motive to revenge. Though it is hard to identify a mole in an organization or within close relations circles, measure to prevent the same from happening need however to be applied. This includes training of users and use of stronger access control mechanisms. Packet sniffer Packet sniffers are software tools that are used by attackers to collect valuable information in a network or a system. Such information that can be stolen by an attacker would include userID, Passwords, E-mails or credit card numbers. Encryption is the most effective way and common way to solve the problem (McNab, 2004). Social engineering Social engineering is one of the most common ways in which an attack can be perpetrated (White, 2003). In this case an attacker gains user trusts then tricks her/him into revealing his or her secrets like passwords, username and other important information (Dhillon G. , 2007). The only way to prevent such problem is by making users aware of such people and some of the techniques they use in the process. Virus attack A virus is a malicious program that attaches itself in to a computer program. The malicious program can destroy valid programs or information not forgetting that it can cause the systems computational time to be very low (Peltier, 2001).  The best way to prevent such attacks is by use of antivirus software like MacAfee, Kaspesky among others. Use of redundant systems, backups and user training are also some of the ways of solving this attack (Peltier, 2002). Concept map Reference Aceituno, V. (2005). On Information Security Paradigms. ISSA Journal . Allen, J. (2001). The CERT Guide to System and Network Security Practices. Boston, MA: Addison-Wesley. . Anderson, K. (2006, October 12). IT Security Professionals Must Evolve for Changing Market. SC magazine . Anderson, R. (2001). Security Engineering: A Guide to Building Dependable Distributed Systems. New Jersey: John Wiley and Sons, Inc. Bishop, M. (2003). Computer Security: Art and Science. London: Pearson Education, Inc. Denning, D. (1982). Cryptography and Data Security. New York: Addison-Wesley. Dhillon, G. (2007). Principles of Information Systems Security: text and cases. NY: ohn Wiley & Sons. Dhillon, G. (2007). Principles of Information Systems Security: text and cases. New York: John Wiley & Sons. Gollmann, D. (1999). Computer Security. New Jersey: John Wiley and Sons,Inc. Kenigsberg, N. (2004). A Framework for HIPAA IT Security Compliance: Leveraging for Security . Boston : EDUCAUSE Center for Applied Research Bulletin. Krutz, R., & Russell, D. V. (2003). The CISSP Prep Guide . Indianapolis, IN: Wiley. Lambo, T. (2006). ISO/IEC 27001: The future of infosec certification. ISSA Journal . Layton, T. P. (2007). Information Security: Design, Implementation, Measurement, and Compliance. . Boca Raton, FL: Auerbach publications. McNab, C. (2004). Network Security Assessment. Sebastopol, CA: O'Reilly. Neumann, P. (1995). Computer-Related Risks. . New Jersey: Addison-Wesley. Peltier, T. (2002). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton, FL: Auerbach publications. Peltier, T. (2001). Information Security Risk Analysis. Boca Raton, FL: Auerbach publications. Ross, T., Janssen, & John, J. (2004). Leveraging IT Infrastructure for HIPAA Training EDUCAUSE Center for Applied Research Bulletin. Boston: EDUCAUSE Center for Applied Research Bulletin. Russell, D. a. (1991). Computer Security Basics. Sebastopol CA: O'Reilly and Associates. Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. . New Jersey: John Wiley and Sons. Inc. White, G. (2003). All-in-one Security+ Certification Exam Guide. Emeryville, CA: McGraw- Hill/Osborne. Read More

CHECK THESE SAMPLES OF Information Security Concept Map

Integrated Physical Security: Fraud and Information Security

ow I will discuss the integrated security main factor that is organizational information security.... Technical administrative safety /security measures like that security plans, actions and techniques are put carry out the organizational information security measures (Voss, 2001).... information security comprises organizational features, legal aspects, institutionalization and applications of best practices in addition to security technologies....
18 Pages (4500 words) Case Study

Network Security and Control Mechanisms - Threats and Challenges

It however creates new threats and alters the existing information security risk profile.... Although these controls cannot single handedly solve security issues, they are an important part of an information security program. ... Privacy is a very broad concept encompassing several definitions.... This paper ''Network security and Control Mechanisms - Threats and Challenges'' presents a framework that is designed to help managers to understand and to be able to assess the various threats associated with wireless technology use....
15 Pages (3750 words) Research Paper

Security of a Strategic Installation

The most common ones include satellite map images.... Some of the sensitive materials they may be after are satellite map images.... This creates a map of the network to ascertain what applications, operating system and address ranges are being used.... Spies have been known to take photos and videos in order to map out their navigation through such facilities.... The paper "security of a Strategic Installation" highlights that various measures can be instituted in order to curb espionage and hence, sabotage....
13 Pages (3250 words) Assignment

Similarities and Differences between Security Risk Management

For instance, most organizations must be information security conscious so that they can develop and implement proper security controls based on the results of internal risk and vulnerability assessments (Aven, 2008).... Indeed, security risk assessment provides the management with tangible information so as to make informed decisions concerning information security (Turner & Gelles, 2003).... Security Risk management: Building an information security Risk Management Program from the Ground Up....
10 Pages (2500 words) Coursework

The Intersection between Security and Risk Management

he use of psychometric safety risk management concept map to inform understanding of safety risk management ... The psychometric security risk management concept map can be used to offer a better understanding of security risk management.... A concept map is a depiction of a situation.... A concept map is a thinking instrument that is utilized to explore diverse features of a theme.... A concept map is usually imaged, vibrant and result based simulation that is utilized in daily life to think about and understand the globe....
8 Pages (2000 words) Report

Management of Information Technology Resources and Information Security

The author of the paper 'Management of Information Technology Resources and information security' will reflect on a case study involving Robert, a Client Manager for Biomed Devices in Perth.... This paper is an information security mapping case study and aims at identifying the importance of information to companies and society in general, discuss concepts, values, and techniques that relate to information security, and present advantages, threats, and susceptibilities linked to various IT environments....
7 Pages (1750 words) Case Study

Information Security Mapping for Biomed Devices

The paper "information security Mapping for Biomed Devices" will discuss the significance of information to organizations and society, describe and apply ideas relating to information security, and discuss the benefits, shortcomings, and risks o various IT environments.... Robert has little knowledge on information security.... information security Mapping ... Robert has little knowledge on information security and does not use third party firewalls, antivirus, among other software for protection of his information system....
7 Pages (1750 words) Case Study

Information Security Map Study

The study "information security Map Study" critically analyzes the structural elements of the information security map.... The objective of implementing information security is to ensure that the resources or assets are protected from unauthorized while ensuring that we still maintain confidentiality.... Objective of the information security: 4 ... Has adhered to the objective of information security objectives i....
5 Pages (1250 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us