Managing Email Security in Organizations - Assignment Example

MANAGING EMAIL SECURITY IN ORGANIZATIONS College: Managing Email Security in Organizations Introduction Different companies, state corporations, financial institutions, domestic and other sector rely on computers to enhance their activities. One area that greatly relies on computer is the information technology field. (Wong and Yeung, 2009). There is need for the design and installation of a security control system to help in the detecting, cleaning and deleting threats that occur. To protect organization information it is necessary to select and implement proper and up to date security control measures. (Department of Defense, 2000). These measures include the management, technical, operations and counter measures undertaken to enhance the protection of a companies information systems. The information security system helps to protect the integrity, confidentiality availability and credibility of the information being received and sent via the internet (Sehun, 2008). Types of Security Systems Available The main threats that affect information systems include; Spywares: these are programs that monitor keystrokes and other activities being performed by the computer and send the information to others without the consent of the computer user. Spywares also play adverts on the computers and are privacy invasive software. Trojans: these programs steal information from the infected computer and send it to a third party by pretending to perform a given task. They also alter the computer and the information and other programmable devices. Malware: this is a generalized term, used to describe software that maliciously damage the computer and other programmable devices as well as spying and sending information to another person without the consent of the user. Viruses: these programs are able to replicate themselves. They integrate themselves to the existing programs and files. By doing this, they hinder the information from the user and also corrupt the information. Worms; they replicate themselves on the computer network. They perform malicious and unintended activities and affect global society. Bots: these programs use the computer resources without the consent of the computer user. The main areas of security testing are Testing the penetration of the Malware or virus Detecting the intrusion once they occur Responding to the detected threat once it occurs Conducting an audit to find if the system performs well Some of the existing methods for controlling email security include; The introduction of password on all information files Encrypting the information sent on emails The use of antivirus and anti Spywares Standards used in the email security standards The ISO/IEC 2700 series consist of a set of information standards which were formulated and published by International Electrotechnical Commission (IEC) and The International Organization for Standards (ISO). The following standards are commonly used; ISO/IEC 27000; which contains information about the family of standards and contains the terminologies used ISO/IEC 27001; it contains the standards for the establishment, implementation, improvement and control of information security management. The are based on British standards, BS 7799 part 2, they published ISO/IEC 27002 ISO/IEC 27005; these standards are designed to aid in the implementation of information security system. They are based on the risk management methods. ISO/IEC 27006: these acts as guides to the process of certification and registration. ISO/IEC 27011: they contain the guidelines for the security management of information for the telecommunication industry. ISO 27001 provides information about standards used for Email security systems (ISO 27001). This information is contained in the fourth chapter of the standardization report. Other standards are being prepared. (National Institute of Standards and Technology, 2005) Problem statement Network insecurity problem is experienced in most corporations and organizations and has lead to heavy loses. The existing methods of network security are not very effective as new superior threats are detected every minute. Furthermore, with the introduction of the fiber optic cable it is expected that more security threats will be experienced. This calls for the detailed research on the performance of different email security software's and recommending to corporation and other institutions the best software to use to. Objectives The main objective of this paper is to look for the best email security system that can be used by organizations to limit security threats experienced in these organizations. The specific objectives are; To conduct a survey about the existing email security systems Research about the standards applied in email security systems Research about the fiber optic cable and establish the new email security threats that may occur Develop an integrated solution for countering the security threats experienced in organizations, Justification/ significance of study By conducting this research, it will be possible to recommend to corporations and organization the most appropriate method for managing the risk of loss or alteration of information. Through the study of the security threats due to the introduction of the fiber optic cable, it's possible to formulate solution that will reduce the risk of information loss.. Research Methodology Collection of data The first step will be the collection of data from the internet, this will involve a detailed study of the different email security systems used in different organizations (Paypal, 2009and (Wells Fargo, 2009). These organizations include; Banks Utilities Stock brokers State corporations Private companies (Richardson, 2005) and (Doughty, 2002) The data to be collected includes The type of email protection security system used by the corporation. Type of organization The reasons for adapting the current internet security system The drawbacks of using the email security system The rate of penetration of the different type of virus and Spywares The overall effects of using the security system. that is, evaluating its effectiveness (Shirley, 2008) Establishing the cost of installation, management and operation of the email security system. (Susan, et al, 2003) Research about the fiber optic system Detailed study about the security threats caused by the use of the fiber optic cable will be studied. The data will be collected from companies currently using the services provided by the fiber optic cable. The data will be tabulated in the table shown below. Name of company Email based software used by the company Cost of software The effectiveness of the software. Comments about the software from system administrator The effectiveness of the software used is determined by; The ability of the program to detect intrusion once they occur How the software responds to the detected threats Conducting an audit to find if the system performs well To analyze the data, an index will be developed to show the performance of the email security software. The index is formulated using the following parameters. The effectiveness of the email security software The availability of email security system Time taken for the company to develop updates and the cost of these updates The cost of the software and updates Other factors(for example, personal preference for using a given software) Based on this index the best software can be recommended to the company. References Wong, A and Yeung, A.2009. Network Infrastructure Security. New York Springer publishers. Shirley R.2008.Security Assessments: Tools for Measuring the Effectiveness of Security Controls. Computer Security Division; Information Technology Laboratory, National Institute of Standards and Technology. Department of Defense. 2000. Department of Defense Information Technology Certification and Accreditation Process (DITSCAP) Application Manual. New York :US Government Printing Office. National Institute of Standards and Technology, (NIST). 2005. Guide for Assessing the Security Controls in Federal Information Systems. New York: US Government Printing Office. Doughty, K.2002. "Information Technology Auditing and Facilitated Control Self-assurance," Information Systems Control Journal. ISO 27001 security.2008. Security Policies. [Online]. Available at: http://www.27001-online.com/secpols.htm Accessed 30 June 2009. Richardson, T.2005. Simple Notes on Internet Security and Email. [Online].available at: http://tim-richardson.net/joomla15/index.phpoption=com_content&task=view&id=31&Itemid=51 Accessed 29 June 2009. Paypal.2009. Security Tips and Fraud Prevention. [Online] available at http://www.paypal.com/cgi-bin/webscrcmd=p/gen/fraud-prevention-outside Accessed 27 June 2009 Wells Fargo. 2009. Mobile, Computer and Email Security Tips. [Online] available at https://www.wellsfargo.com/privacy_security/fraud/protect/online_tips accessed 26 June 2009 Microsoft. 2006. Improve the safety of your browsing and e-mail activities.[online] available at; http://www.microsoft.com/protect/computer/advanced/browsing.mspx accessed 28 June 2009 Bellovin, S. 1989. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review. Chapman, D. and Zwicky, E. 1995.Internet Security Firewalls. O'Reilly, Sebastopol: Calif. Oppliger, R. 1995. Authentication and key distribution in computer networks and distributed systems In Communications and Multimedia Security. London: Chapman & Hall. Sehun, K. 2008.Intrusion Forecasting Framework for Early Warning System. IEICE - Transactions on Information and Systems. Susan, J. Ramesh, S. and Mark, W.2003.Establishing The Business Value Of Network Security Using Analytical Hierarchy Process, Creating Business Value With Information Technology: Challenges And Solutions. Hershey. Idea Group Publishing Read More