Information Technology Security Management and Its Impact on Business Success - Thesis Example

INFORMATION TECHNOLOGY SECURITY MANAGEMENT AND ITS IMPACT ON BUSINESS SUCCESS Name Grade Course: Tutor’s Name: 10th, December, 2009 PART A Current Situation Scheduled Objectives: This project has several objectives all which if accomplished produces an appropriate secure infrastructure design for H&R. Several of the objectives have been met but there are others yet to be met. These are: a) To produce a report containing the High risk factors involved in IT security management and recommend ways of improvement. High risk factors have been identified but a complete report has not yet been compiled describing them and how they can be reduced or eliminated. The high risk factors already identified include: The risk of losing computer files due to inadequate system’s security The risk of self destructive programs or destructive programs left by rivals The risk of the organization’s computer systems being infected by viruses Risks due to the use of inappropriate techniques (Cazemier et al, 1999) b). to evaluate the outcome. Objectives in the Process of Being Achieved: This is not yet accomplished but is in the process of being accomplished. a). To produce a report containing the high risk factors involved in IT security management and recommend ways of improvement. As noted above, the high risk factors have been identified and currently, a research on how these risks can be eliminated and reduced is underway. This process also includes identifying other alternatives apart from the already identified secure infrastructure designs and implementation methods. Completed Work: The following objectives have been met. a) research on the secure network infrastructure for ecommerce b) analysis and evaluation of a secure network infrastructure for ecommerce strategies c) investigation of the benefits of ecommerce and the use of internet on business in order to identify the benefits of the new system and d) Determination of the assumptions and constrains of the secure network infrastructure for e-Commerce Problem Areas: Currently there are no problems being experienced. Key Work during the Next Period: Task  Responsibility  Estimated time in day Literature Search Research from academic publications, internet, textbooks etc. Complete Collecting information Researching on the various secure network infrastructure for ecommerce strategies Complete Analyzing the collected information Analyzing and evaluating the collected secure network infrastructure for ecommerce strategies Complete Evaluation of the benefits of the new system Evaluating the benefits of the secure network infrastructure for ecommerce strategies Complete Determine the assumptions and constrains of the system Evaluating the benefits of the secure network infrastructure for ecommerce strategies Complete Initial Report Produce initial report (draft report) Complete Interim Report Produce the Research finding reports Complete Design and implementation of the new system. Evaluating the benefits of the secure network infrastructure for ecommerce strategies 14days Final Report Produce final Report 5days TOTAL= 19 Days PART B The Draft Report Table of Contents 1.0 Introduction: this section will give a brief description of what the project is about, its importance to the organization and how it can be implemented. 2.0 Literature review: This will describe in detail about secure network infrastructure for e-commerce and information security management. All necessary information about secure network infrastructure and its implementation will be described in this section giving more information than already given below. 3.0 Justification: This will describe the reason why it is important for an organization to have a secure network infrastructure for e-Commerce strategies. It will give the reason for developing a secure network infrastructure for H&R. 4.0 Objectives 5.0 Methods: This section will describe the methods used to accomplish the missions of the project. 6.0 Results: This section will show the accomplishments made by use of the methods described above. 7.0 Design and Implementation: A description of the appropriate design that has been selected will be given along with how it can be implemented to ensure secure management of H&R’s information system. 8.0 Importance and benefits of the infrastructure to the organization 9.0 Conclusion 10.0 References 1.0 Introduction The current business field has developed to a level where corporate organizations use certain information technology applications to act as a medium of communication, transactions, book keeping and so on. These systems enable sharing of data among individuals and corporate companies including the unauthorised people. Corporations’ interconnectivity has to remain within local connections, that is, important information that needs not to be shared by outsiders should not leave the company’s local area network. In order to ensure this happens, an information security system has to be established. High technology growth and globalization require corporations to develop external systems and corporate application links to facilitate growing business demands of reaching to external or global markets. Corporations nowadays turn to e-commerce to ensure they remain in business and make profits. This and the need to prevent trusted information from reaching un-trusted networks is the reason why it is important to develop secure system that will help in the management of information/data. The aims of this project is mainly to design and implement server protocols that will satisfy the business needs as well as maintaining security and integrity of the organisations critical and confidential data. It will also consider ways of minimizing network security threats for H&M. 2.0 Literature Review Secure Network Infrastructure for e-Commerce Corporations build networks considering some level of trust in how the corporate data is shared among them. When the same information is to be shared with other networks for example the internet, the level of trust changes. No one from the outside is trusted with an organization’s data. This is the reason why corporate administrators opt to look for a safer way of sharing data (Window Security, 2002). Building a secure network infrastructure helps in managing information security of an organization. Secure networks for e-commerce make use of certain security technology methods whenever networks of corporations interconnect. These methods are; the use of firewalls, the use of routers, the use of vulnerability assessment tools and the use of Intrusion Detection Systems (IDS) (Merkow, 1999). The Basic Security Infrastructure The basic security infrastructure consists of a router, a firewall, the intrusion detection system, the protected application and web serves (Demilitarized Zone), the internal host computers and the internet (Window Security, 2002). The fire wall is the main protective component of the security system. The security infrastructure system can be designed so that the fire wall is the control point, is the gateway and are the filters. Fire walls are just mechanisms used to protect an organization’s/ trusted network from other un-trusted networks (Window Security, 2002). A firewall therefore depends on the organization of the networks being protected and the function of the network infrastructure (Tassabehji, 2003). Approaches to Implementation of Secure Networks There are so many approaches that can be used to ensure security in an organizations network. SANS institute proposed a modular approach to implementing a secure network infrastructure. According to this publication, the network infrastructure should be implemented in phases. That is, implementing one module after the next. The modules described by this institute are; management and back-end operations module, ISP connectivity module and hosting services module (SANS Institute, 2002). Wave Security Group describes a different approach but which can be used with SANS approach. The group indicates that implementing a secure network infrastructure begins with data discovery, then information security procedure and policy analysis, assessment of the existing infrastructure, its security and risks follows, designing of an appropriate network infrastructure comes after, then arrangement of the security solutions. Monitoring and evaluation of the deployed solutions are done and lastly the security management process is implemented (WSDG, 2009). A secure network infrastructure is a security system. According to Convery, a security system’s development process has three steps (2004). These are; investigating the security policy drivers, developing a security policy and designing the security system (Convery, 2004). All these approaches can be studied and used in the development of a secure network infrastructure. Information Security Management An established security system requires good management which ensures continued security. Security management is into two components which are; the proponents of tailor made security and the proponents of ready made security (Cazemier et al, 1999). Tailor made security requires management to begin with a systematic research of dependencies, weaknesses (also considered risks) and threats and ready made security requires the use of checklists in management to attain efficiency (Cazemier et al, 1999). There are three important considerations that have to be taken into account whenever security management is to be implemented. These are; that security cycles happen at all levels of an organization, that the process of information security is cyclic and that it requires making of choices (Cazemier et al, 1999). Information security system being cyclic: Information systems of organizations change and this requires continual revision of the management system. It requires planning, implementing and evaluation and implementing the revised outcomes. Information security system is at all levels: Information security system has top level management where tasks are allocated from to the lower levels of management. Information security systems require making choices: Any information security system has risks and an organization has to decide on which risks it will cover and those it will not. This requires a thorough risk analysis (Cazemier et al, 1999). PART C Interim Report Secure Network Infrastructure for e-Commerce The current business field has developed to a level where corporate organizations use certain information technology applications to act as a medium of communication, transactions, book keeping and so on. These systems enable sharing of data among individuals and corporate companies including the unauthorised people. Corporations’ interconnectivity has to remain within local connections, that is, important information that needs not to be shared by outsiders should not leave the company’s local area network. In order to ensure this happens, an information security system has to be established. High technology growth and globalization require corporations to develop external systems and corporate application links to facilitate growing business demands of reaching to external or global markets. Corporations nowadays turn to e-commerce to ensure they remain in business and make profits. This is the reason why it is important to develop secure system that will help in the management of information/data. The aims of this project is mainly to design and implement server protocols that will satisfy the business needs as well as maintaining security and integrity of the organisations critical and confidential data. It will also consider ways of minimizing network security threats for H&M. Objectives: The following are the objectives of the project a). To research on the secure network infrastructure for ecommerce. What are the identified secure network infrastructures? The research will include academic literatures, enterprise publications and books on secure network infrastructure for ecommerce. b). To analyze and evaluate secure network infrastructure for ecommerce strategies. Special consideration will be made to external consultants like the IS Integration Ltd which will assist in the creation of the secure network infrastructure for ecommerce. c). To investigate on the benefits of ecommerce and the use of internet on business. In order to identify the benefits of the new system, research will be conducted on internet marketing methods, online payments and the feasibility (likelihood) study will be conducted at the company d). To find the assumptions and constrains of the secure network infrastructure for ecommerce. e). To produce a report containing the High risk factors involved in IT security Management and recommend ways of improvement. f). To evaluate the outcome. How the Objectives were Accomplished/Methods Below is a description of how the objectives were met. 1. Research on infrastructure. Research was conducted on internet sources to identify secure network infrastructure designs and implementation methods/approaches Research was done on books containing information about Information technology security management books. Research was also done using Enterprise publications for example Wave secure data group and SANS Institute. 2. Analysis and evaluation of secure network infrastructure for ecommerce strategies. Information was gathered on implementation systems, evaluation done on their functionalities and features. Evaluation of database configurations and application servers to support known requirements for eCommerce was also done. Evaluation of methods of implementing the secure network infrastructure. Evaluation of the established regular procedures for vulnerability testing the network infrastructure. Evaluation of the basic training methods for the users. 3. Determination of the Benefits of ecommerce and the use of internet on business. Research was done on ecommerce and the use of internet and its benefits on businesses, on ecommerce and marketing, on ecommerce and online purchasing of goods and on systems ease of use and availability. 4. Assumptions and constrains of the secure network infrastructure for ecommerce. Research was done on the technology status for basing assumptions. Evaluation of the network infrastructure shortcomings and challenges faced was done as well as Evaluation of the security management methods to be implemented. Results/Accomplishments 1. The first objective of the proposal was to research on secure network infrastructure for e-commerce. This research was to consider internet resources, books and enterprise publications. The following has been achieved. Research has been conducted and firewalls have been determined to be the best way to protect data from the organization to the outside network (Window Security, 2002). A fire wall is a system or a collection of components placed between two networks that; only allows authorized traffic by the security policy to pass through it, that allows traffic from inside and out side and vice versa to pass through it and is resistant to penetration (Window Security, 2002). This means that what protects the internal data/corporate data from being exposed to the external internet network is an organized infrastructure which has to be continually managed and has to have specific protection and management components. These management and protection components are described in SANS Institute publication on designing a secure network infrastructure (2002). The research has identified three modules through which a secure network can be implemented. The modules are: the management and back-end operations module, the hosting services module and the ISP Connectivity module. This conforms to the advice give by the EUCS FMD Unix, commissioned external consultants IS Integration Ltd and avoids the implementation of the secure network infrastructure in one phase (SANS Institute, 2002). Research also yielded the fact that a network security policy has to be developed to guide the use of a firewall system, the information security management, designing of a secure network infrastructure and installation of a secure network infrastructure (Noonan, 2004). Two levels of policy have been defined for the use of the firewall system, designing, installation and management of the secure network infrastructure that will be for H&R. The first is the network service access policy which defines what services are restricted and those that are allowed into the restricted network of the organization (H&R). The second one is of a lower level and is dependent on the first policy. It defines how the restriction and access as per the first policy will be accomplished (Tipton & Krause, 2007). Another important accomplishment that has been achieved is the determination of an approach to identifying the appropriate secure network infrastructure for H&R. Wave secure data group provides an approach to determining a secure network infrastructure. This has helped in the determination of the required infrastructure (WSDG, 2009). 2: To analyze and evaluate secure network infrastructure for ecommerce strategies. E-Commerce strategies are those that ensure an organization achieves its aims such as selling its products. These strategies affect the type or the designing of the secure network infrastructure. Based on the strategies required for e-Commerce, the network infrastructure has to consider the possibility of increased traffic, possibility of connecting to other links for increased, the possibility of development of virtual catalogs, the possibility of intrusion from unauthorised personnel/outsiders among so many other factors. Because of these, this infrastructure has to have the capability of providing the e- Commerce services and providing the security required. As described above, implementation systems have been identified and their functionalities and features evaluated. The methods of implementing the secure network infrastructure as well as the regular procedures for determining the infrastructure’s vulnerability have also been determined. The requirements necessary for training users of the system have also been identified. 3: To investigate on the benefits of ecommerce and the use of internet on business in order to identify the benefits of the new system. The benefits of the new system have been identified and include: E-Commerce is more that selling of goods and provision of services. It links the organization (H&R) to its customers and prospects for collaboration and communication; it also links the organization to vendors, end users, channel partners and other intermediaries (Stone & Jacobs, 2001). It also enables free exchange of information, interactions, and services among organizations ad individuals of the value chain of the company. E-commerce enables establishment of a global market for the company’s products ad services (Stone & Jacobs, 2001). Internet cuts the cost of interaction and since e-Commerce involves the use of internet for communication, selling, marketing, buying, coordinating the people and the companies, monitoring the people and the companies and conducting other business interactions, the cost of interaction for the organization would be reduced (benefits). There can also be improved supply chain management and procurement. With e-Commerce, the overall operating cost is reduced, supply base is optimised, prices paid are lowered, control over inventory and spending is increased, and there is efficient use of personnel through outsourcing and immediate communications (Stone & Jacobs, 2001; Wilson, 2009). Stone & Jacobs also noted that e-Commerce enables addition of value to products and services through changing and improving old information and delivering them in new forms and creating new information based on customer requirements through the web devices, host gadgets and internet appliances (2001). With e-Commerce, a company operates for 24 hours in a day and seven days a week without any regard to a location hence extends its reach (Stone & Jacobs, 2001). 4. The fourth objective was to find the assumptions and constraints of the secure network infrastructure for e-Commerce. The constraints have been identified. Development in the technology system has led to an increase in computer crimes, information security problems and information technology –enabled frauds. These have led to several challenges all which are classified under: “The challenges of establishing appropriate information technology disaster recovery plans” The challenge of creating procedures and security policies that can sufficiently reveal the organizational new business processes and framework. The challenge of setting up good management practices that can be able to control operations of the organization (Dhillon, 2001). The challenge of determining the correct responsibility structures of the organization considering the information technology processes and the complex structuring of an organization (Dhillon, 2001). In order to deal with the above problems, it is necessary to understand the challenges which will give ideas on how to manage the security system. From the above information, a network infrastructure is prone to so many attacks and information technology frauds. Building a secure network would require identification of the threats and establishing methods of dealing with them while designing the infrastructure and developing the management system (Dhillon, 2001). References Cazemier, J. A, Overbeek, P. L. and Peters, M. L. C., 1999, Security Management. 10th Ed., New York, US: The Stationery Office. Convery S, 2004, Network Security Architectures, 2nd Ed. New York: Cisco Press Dhillon G, 2001, Information Security Management: Global Challenges in the New Millennium, London, UK: Idea Group Inc (IGI). Merkow, M., 1999, E-Commerce Security Technologies. Retrieved on 14th Nov, 2009 from: http://www.ecommerce-guide.com/news/trends/article.php/7761_253601 Noonan, W. J., 2004, Hardening Network Infrastructure, New York, US: McGraw-Hill Professional. SANS Institute, 2002, Building a Secure Internet Data Centre Network Infrastructure. Retrieved 13th Nov, 2009 from: http://www.sans.org/reading_room/whitepapers/modeling/building_a_secure_internet_data_center_network_infrastructure_73 Stone, B and Jacobs, R., 2001, Successful direct marketing methods. 7th Ed. New York, US McGraw-Hill Professional. Tassabehji, R., 2003, Applying e-commerce in business. England, UK: SAGE. Tipton, H. F. and Krause, M, 2007, Information Security Management Handbook, 6th Ed. Boston, Massachusetts: CRC Press. Wave Secure Data Group (WSDG), 2009, Information Security Approach, The Business of IT Solutions, Retrieved on 14th Nov, 2009 from: http://www.securedatagroup.com/downloads/InfoSec-DataSheet.pdf Wilson, J., 2009, Benefits of E-Commerce Web Development For Your Online Business http://ezinearticles.com/?Benefits-of-E-Commerce-Web-Development-For-Your-Online-Business&id=2746948 Window Security, 2002, E-Commerce Security Technologies: Fire Wall. Retrieved on 13th Nov, 2009 from: http://www.windowsecurity.com/whitepapers/ECommerce_Security_Technologies_Fire_Wall.html Read More