StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Map - Case Study Example

Summary
The study "Information Security Map Study" critically analyzes the structural elements of the information security map. The objective of implementing information security is to ensure that the resources or assets are protected from unauthorized while ensuring that we still maintain confidentiality…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.1% of users find it useful

Extract of sample "Information Security Map"

Your Name: Student Number: The unit code: Title: Assignment title: Due date; Title of your topic: Table of Contents Contents Contents 2 Concept Map 3 1.0Introduction 4 2.0 Scope: 4 3.0 Objective of the Information Security: 4 Explanation: 8 4.0 Recommendation 9 5.0 Conclusion 10 6.0 References: 11 Concept Map O 1.0 Introduction Information Security:-Means protecting information and information systems from unauthorized access, use of disclosure, disruption modification of destruction. 2.0 Scope: The scope of the work is to determine if Mr Jonah a Director of InnoSensors based in Perth, Western Australia. Has adhered to the objective of Information Security objectives i.e. the CIAN (Confidentiality, Integrity, Availability and Non Repudiation) 3.0 Objective of the Information Security: The objective of implementing the information security is to ensure that the resources or assets are protected from unauthorised while still ensuring that we still maintain confidentiality:-Protection against unauthorised disclosure of information, Integrity:-Ensuring that the information stored on computer system is never altered in any way that is not appropriate Availability:-Ensures that the information can be accessed by people who should access it when they need it. Threats:-Harm that can happen to an asset. Laptop-: physical theft, Since Mr Jonah occasionally leaves his laptop in the car Rogue Access point/Honey Pot :-Since Mr Jonah also frequently visits Internet cafes for lunch where he utilises the Internet for up to an hour each day he is susceptible Illegal leakage of information, worms, Virus attacks etc.; Lack of Firewall and Antivirus:-This is makes him susceptible to attack by the hackers and other threats that is he is exposed to. Database: Unauthorised access, theft copying of the sensitive information because he carries the sensitive information on his laptop, An attacker can use this opportunity to attack the laptop access the information steal it and sell it to rival competitor which can have catastrophic effect on the organization Mr.jonah is working for. Encryption or Authentication mechanisms: The data stored on Jonah’s laptop, Ipad smart phone is stored in a plain text i.e not encrypted, This information can be eavesdropped by hackers. Assets: This refers to a resource of Value that is when exploited or attacked can have a tremendous negative effect to the organization. Vulnerability: Likely hood of exploitation Walking around with unencrypted data on a laptop Lack of firewall Lack of antivirus Unpatched systems Lack of organization security concerning information security on sensitive data Susceptible to physical to physical damage of the asset(Laptop, pad or Smartphone) Mr Jonah can also be attacked Risk: Threat to an asset Data can be stolen and sold to the competition Laptop can be stolen Since his the laptop is not protected with a firewall, Antivirus or any third party software it is susceptible to worms, virus or hackers attack. After connecting to a public network and then connecting the same comprised laptop to the company network, can be a loophole for the attacker to use as platform for an attack. Incase of our Jonah the Director of InnoSensors based in Perth, Threats: Physical Theft: His laptop, pad or smartphone could be stolen with the vital information. Mechanical/Physical Damage: His laptop, pad or smartphone are susceptible to physical damage since Jonah is on a constant travel Port Scanning: Since Mr.Jonah connects to public wireless network any potential attacker can run port scanning software to identify any potential opened port for intrusion. Since Mr Jonah is using unpatched system, his system is susceptible to attack, he needs to update his system regularly with the latest patches from legitimate vendor (Kizza, 2001). Countermeasure: Carryout the risk analysis, which may involve: Identifying and assessment of the level of risk calculated from: Value of assets Threat to asset Vulnerability and likelihood of exploitation An agreed upon framework is:- To assess the risk a matrix can be used to evaluate threats and counter measure Explanation: In the case of Mr.Jonah, there are some threats that have high expectance and also high impact both to him and the organization that is he is working for. For instance While on the road, Jonah occasionally leaves his laptop in the car. This laptop can be stolen and also the impact is high since the laptop carries unencrypted client confidential business and financial information. The confidentiality of information is important as any disclosure could cause significant embarrassment to him and the company, as well as impact client privacy and confidence. Also, Jonah must provide correct, factual information to all clients hence ensuring the integrity of information is vital. Lastly, should any information not be available when needed, this may result in clients taking their business to the new to market competitor (Kizza, 2001). Looking closely at his action it means his action can be prevented him by being well Informed about information security although he uses computing technology to support his Job, not leave his laptop in the car unattended. A contingency plan can be employed by contacting the insurance company for his laptop to be insured in case his car is broken into or he is attacked by car jerker and his laptop stolen (William Stallings and Lawrie Brown, 2013). Another Countermeasure that can be employed by Mr Jonah includes: Installing the latest patches for his laptop to patch any vulnerability that an attack can use to gain access his system and steal or compromise his system or data. Installing antivirus software and ensuring that the antivirus software is up-to-date and also running in order to protect his system from worms, virus, Trojans and softbots. Installing the latest and best firewall to protect his system from being attacked by hackers. Data encryption; Ensuring that his data is stored in an encrypted format to keep the eavesdropper out, or in case where the attacker managed to get the encrypted data it would be useless to him or her since he or she does not have the decryption key. He can also use a Virtual Private Network while communicating using the public network as the internet. He should also avoid connecting to a public wireless network using his laptop which contains customer and financial confidential information. Because some of this public wireless access point can be rogue access point or honeypot that attackers use to harvest details on unsuspecting victim. If Mr.Jonah wants to connect to a public wireless network at the café using a laptop he should ensures that it doesn’t contain Company sensitive information and also ensures that the latest updates of firewall is installed and also the antivirus. The company should also come up with information security policy that governs how the company information is handled, stored and accessed by authorised users. 4.0 Recommendation Realizing information security is expensive and an organization must do a risk analysis in its events, event s include virus Cryptography can be used to enforce integrity, Authentication, Non-repudiation while availability is enforced through organization Procedures. 5.0 Conclusion With the advancement of the technology protecting information has become the most vital for most of the company, This has also made it even harder because many computer crimes are undetected for along period of time making it difficult to learn from experiences. In addition to this: Many potential threats exist Most of the company computing resources are situated in many locations making controls overall resources difficult Many individual controls information assets Computer networks may be located outside the organization Security procedures are a source of inconvenience and people tend to violate them It is difficult to conduct cost/benefit justification for controls before an attack occurs since it is difficult to assess the value of a hypothetical attack. The cost of providing hazards can be considerably high so most organizations are not able to protect against all hazards. Attempts to provide greater security, results in difficulties such as:- Compromised ease of system use Loss of performance Increased security means greater difficulties in maintaining systems as well as greater efforts on administering security (William Stallings and Lawrie Brown, 2013). 6.0 References: 1. Kizza, J. M. (2001). Computer Network Security And Cyber Ethics (4th ed.). United States of America: McFarland & Company inc. 2. William Stallings,Lawrie Brown. (2013). Computer Security Principles and Pracitce (Second ed.). Australia: Person. Read More

CHECK THESE SAMPLES OF Information Security Map Study

The Pakistan-Afghanistan Border

Thereafter, the maps shall be drawn to represent the region under the control of insurgents and military, those under the occupation of the Pashtun community and the spread and distribution of violent and criminal acts in the area under study.... national security interests, yet the extent of this security threat is yet to be appreciated by policymakers in Washington.... The research shall unearth the possible causes of degenerating security and help the reader understand the region better....
14 Pages (3500 words) Thesis Proposal

Information Security in Wireless Local Area Networks

This essay "information security in Wireless Local Area Networks" sheds some light on the rapid growth of wireless communication that has become common in enterprises.... A thesis statement is about the information security concerns, designing the protocols, and implementation of the paramount.... Data confidentiality, availability, and integrity are key objectives of information security as stated in the current paper.... Man in the Middle (MitM) is a real information security concern for the Wireless Local Area Networks....
5 Pages (1250 words) Essay

An Evaluation of Wireless Intrusion Prevention and Protecting Insecure Channels

This paper will also discuss a number of security threats associated with these networks.... This paper also discusses various strategies to deal with these security threats.... This paper will also discuss a number of security threats associated with these networks.... This paper also discusses various strategies to deal with these security threats.... Without a doubt, wireless technology offers a large number of advantages over traditional networking technologies that's why their usage is continuously increasing with the passage of time, but they also bring serious security issues that affect the quality of communication....
30 Pages (7500 words) Research Paper

Introduction to WiMAX Technology

These two entities have virtually transformed the world as far as information processing and communication is concerned.... This paper is focused on the WiMAX Technology.... According to the text, one of the vital accomplishments of the 21st century was the invention of the computer and the subsequent creation of computer networks....
13 Pages (3250 words) Research Paper

Integrated Physical Security: Fraud and Information Security

This paper will discuss the integrated physical security, and define the factors to be considered when providing integrated physical security protection for a high, rise multi-tenanted office building in an inner-city location, parts of which are in use 24 hours a day, seven days a week.... Nowadays security is more complicated and significant than ever before, however, it does not signify that similar solutions are appropriate for each business....
18 Pages (4500 words) Case Study

IPSec and Cryptography

This is achieved by configuring admission lists that are further interfaced in the crypto map sets (Pachghare, 2009).... The major source of security for the IP network layer is the Internet protocol security (IP sec).... This implies that the security of all the IP packets is granted, regardless of the superiority of the protocol being transported in the packet payloads.... When using the internet security protocol, the applications do not require further reengineering....
6 Pages (1500 words) Essay

Access Control Methods in Information Security

With these types of controls, access is granted as per one's allowed extent of exposure to information security systems.... These counter-systems to these threats will be discussed in this study regarding their operation and the benefits they offer to the information technology field.... This paper ''Access Control Methods in Information Technology'' tells that access control is one of the most sensitive aspects of computer and computer systems' security....
6 Pages (1500 words) Coursework

Security of a Strategic Installation

The paper "security of a Strategic Installation" highlights that various measures can be instituted in order to curb espionage and hence, sabotage.... Industrial security procedures are measures put in place to curb threats that affect industrial objectives.... Industrial security procedures also include measures put in place by the government to handle information that is affiliated to the government and deemed classified.... In the US, the National Industrial security Program (NISP) was set up during the reign of President Bush....
13 Pages (3250 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us