StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Management and Information Security - Assignment Example

Cite this document
Summary
The paper "Management and Information Security" is a wonderful example of an assignment on management. "The project management body of knowledge constitutes areas concerned with processes and knowledge which are universally accepted as good practice with regard to project management. PMBOK outlines the provisions of any efficient project management…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.7% of users find it useful

Extract of sample "Management and Information Security"

Running header : Management and Information Security Student’s Name: Instructor’s Name: Course Code & Name: Date of Submission: Question 1 Project management body of knowledge constitutes of areas concerened with processes and knowledge which are universally accepted as good practice with regard to project management. PMBOK outlines the provisions of any efficient project management. PMBOK IS an universally accepted standard ISS 2003.PMBOK is comprised of 5 basic processes together with 9 knowledge bases essential in any project management irrespective of the sector concerned (Haughey 31). According to Haughey, the processes are initiating, planning, executing, monitoring/controlling and closing. The knowledge area are procurement planning, project integration management, time management, quality management, scope management, cost management, risk management, communication management and human resource management. Project procurement planning Project procurement planning is a knowledge concerned with processes involved with acquisition of goods plus services for a project. Project procurement management involves the following processes: procurement planning, solicitation planning, solicitation, source selection. Contract administration and lastly contract closeout. Procurement planning identifies the needs of the project that need to be procured. Procuring in this stage is aimed at ensuring that the project is able to get quality goods and professional services so that it can be able to meet its objectives. Procurement planning states the scope of the project outlining the project’s needs, product description which identifies any technical information that must be taken into consideration when planning, procurement resources which outlines who will supply the resources that the project need and lastly market conditions which identifies which goods and services can be gotten in the market and the specific person who can deliver than and the terms and conditions of the person. Solicitation planning involves the documentation of the product requirements and outlining potential sources for the products and services. Solicitation involves the obtaining of bids, offers, quotations and proposal from the potential suppliers and sellers. Source selection involves the choosing the best supplier/ seller from the potential tenders according to a selected selection criteria. Contract administration involves the signing of a contract with the seller/ supplier which outlines the terms and conditions of the transactions. The section also maintains a good relationship with the seller/supplier. Contract close out is the last process and involves the settlement of the contract after the terms and conditions outlined in it have been met. Project procurement planning is an essential knowledge needed in any project management which ensures that the project is able to acquire what it needs for its efficient running. Project procurement, management is usually headed by a procurement officer. Question 2 The security of any system is the paramount objective of the system development team. System security ensures that the system is not accessible to unauthorized people. In so doing, the organization gets assurance that the information in its system is unlikely to land in unwanted hands. The analysis phase of the system development life cycle is involved with analyzing if a system has met its requirements or not. Top among the requirement of a system is ensuring that the information security is guaranteed. Understanding the potential risks is vital in any system development. A thorough risk assessment should be conducted on the system so as to determine the potential risks to the system. A threat assessment team should be established which will look in to the loop holes and weaknesses of the system which might make it easier for threats to find their way into the system. The assessment team should include professionals in the field, users, operational experts and technological experts. Understanding potential threats therefore entails: identification of possible loopholes which can make the entrance of threats to the system easier, identification of the most probable threats to the system for instance viruses, hackers, worms and providing a security measure to counter the threats. In order to be able to understand the enemy, one must know the effect the enemy has on a system. common effects of enemies to a system include, information destruction or loss, slow done of the system, in effectiveness of the system whereby it does not do what its is instructed to do, inability to gain access to certain sections of the system and file replication among other effects (Lucas 3). The enemy can also be understood by the kind of information that is in a certain system. Specific information is more likely to attract specific type of enemies hence enabling the analysis team to have a speculation of which enemies to expect. The level of an organization in the public profile is also more likely to attract enemies. For instance a system belonging to the national intelligence is more likely to have enemies whose main intentions are getting access to specific information or damaging the information. Therefore, an enemy is best understood when its intentions are known. In so doing its behavior can be outlined for instance the multiplication and mutation of viruses when they have access to a system. In order to know if the analysis has covered all the bases likely to get attacks from an enemy, the system development team should conduct a test on a system. This is done in order to identify weaknesses and loopholes that could not be established during the system’s development or unforeseen problems or occurrences. An evaluation of the system’s success against its objectives should be conducted so as to determine if the system achieved its goals (Dennis 16) Question 3 Disasters are due to occur in any field. In many cases, the disaster has a very bad effect on the functionality of a business organization depending on the severeness of the disaster. In an information system, the most probable disasters are caused by entry of unauthorized parties to the system. a disaster recovery plan is a plan aimed at enabling the organization to gain control of the system and the organization as a whole. It is meant at ensuring the continuity of the business (Penson ,1 ). The main objective of a disaster recovery plan is to restore the system back to the normal functionality. The following is an analysis of a sample disaster recovery plan titled Business Continuity Planning (BCP). The plan has the following requirements of a good disaster recovery plan: The plan has been able to formulate the planning group. This is the group given the task of making the recovery plan and ensuring that it is successful. The plan has conducted an assessment on the disaster and the problems that have resulted because of it. This enables the management to be able to figure out the most appropriate method of recovery. The recovery plan also has well laid out recovery strategies. The type of strategy chosen is usually determined by the nature of the disaster and the extent of damage caused by it. The more the damage the more entailing the strategy will be and vice versa. A competent recovery team should have the capability to identify the best strategy for certain disasters. Data recovery is a common strategy taken by many organizations since data loss is a common disaster. There are proffessioanal data recovery specialists to whom an organization can out source such kind of work in case the organization’s staff is not in a position to do so efficiently. The plan also has an inventory of the plan which is also accompanied by documentation. Lastly, the recovery plan has verification criteria which enables the organization to access the success of the recovery plan. The above requirements are in line with the requirements of an efficient disaster recovery plan. In addition the recovery plan has identifies a system recovery time. A recovery time is identified after the disaster has already occurred and is a must include in any recovery plan. Together with the recovery time is the recovery point. The plan should be able to restore the system to a time when it best functioned previously. The restore point is usually determined by the system analyst who identifies a time before the disaster which the system will be restored to. The above characteristics of the disaster recovery plan make the plan under analysis an effective plan capable of dealing with vast types of disasters likely to happen. Question 4 An enterprise information security policy is a document containing the exact requirements that must be taken in to consideration and met accordingly (SANS 4). An information security policy usually targets a specific area of focus. Examples of enterprise information security policies include: acquisition assessment policy, Bluetooth device security policy, information sensitivity security policy, risk assessment policy among others. The following section looks at aspects of an enterprise information security policy. The section takes into consideration a risk assessment policy drafted by SAANS institute. The following are some of the aspects of the policy that have been identified. Purpose The purpose of a policy state the reason as to why the policy was drafted. For instance the purpose of the risk assessment policy by SANS is to empower the information security (info sec) to carry out scheduled information security assessments with the aim of determining the weak points of the system which are due to make the system vulnerable. Policy The policy outlines the party which is responsible for the development, execution & implementation of the remediation programs. For instance in the policy by SAANS, the responsibility is bestowed to Info Sec and the department which is under assessment. The policy also outlines the responsibilities of each and every part that is concerned with the system being analyzed. In so doing, the executing body will be able to figure out which system is not functioning well and the specific person in contact with it and possibly figure out his/ her connection to a the malfunctioning of the system. A policy basically outlines what is to be done and who to do it. Enforcement This aspect specifies the repercussions that anyone found guilty of violating the policy would face. A policy which does not have a means of enforcing it is as good as dead since it lacks the measures to ensure that it achieves its objectives. For instance, the risk assessment policy by SANS specifies that any employee found guilty of violating the policy will face a disciplinary action which can be to the extent of employment termination. Definitions This aspect defines the terminologies used in the policy. More often than not, a policy may include legal and technological jargon which may not be understandable to the common employee. The definitions aspect ensures that the policy is made understandable to anyone reading it. The risk assessment policy by SANS can be used by any organization which wishes to carry out a periodic risk assessment on its systems, for example a banking institution. Question 5 Information security breaches are common and usually affect the functionality of an organization in addition to causing great losses to the organization. Information security breaches may also affect the clients to an organization leading to losses in form of money of vital information. Here are examples of recent information security breaches. There are reported cases of healthcare data breaches. This is according a research done by the Identity Theft Resource Center. The breaches are caused by poor data handling methods which have led to encryption and data loss (Medical Quack 67). Aetha Insurance has suffered from data breach which resulted to the renowned insurance company having to contact its customers telling them that their personal information had been exposed (Deutsch 7). A brokerage firm, D. A. Davidson has been hit by a data breach in 2008. As a result, the company had to part with $375,000 for its failure to protect its customers’ information. The brokerage firm suffered the breach when its computers were targeted by information security enemies which led to vital information on the clients being downloaded (Roberts, 67). The main targets of information breaches are businesses and organizations dealing with large volumes of money and people. This is due to the fact that the perpetrators of the information crimes also have intentions of gaining money from their crimes. The perpetrators are also with the intent of making other organizations to collapse by reducing the customer’s confidence on the organization. More often than not, most breaches are conducted by competitor organizations which want to reduce the influence of the target organization in the market. For instance loss or exposure of clients’ personal data would lead to customers losing confidence in the organization leading to the organization’s demise. The main targets of the breaches are big organizations due to their influence in the market. Their level of competitiveness in the market, number of people associated with the organization and the potential harm a breach on such an industry can cause in the market. However, breaches in smaller organizations do occur but fail to find their way to the news. This is because they affect a smaller group of people, an organization with a lower influence in the market. This is because of the fact that a large number of people will cause trouble in the market as opposed to a smaller group of people hence making news. Any organization has its enemies with disregard to its size. Works cited Deutsch, W. High Profile Data Breaches. Business Information. 7.3 (2009): Dennis, S. Introduction to System Analysis And Design. 2nd ed. (2009): 1-26 Haughty, The project management body of knowledge. Project Smart. 12. 3(2011):21-40 Lucas, J. The Malicious Logic Battle: Understanding the Enemy. Enterasys Networks. 1st ed. (2011): 1-8 Medical Quack . Health Care Data Breach Cases Reported Outnumbers Financial Breaches By Over 3 To 1, The Medical Quack. 19.1 (2010) : 56-76 Penson, Disaster Recovery Plan. 2th ed. (2009) : 1-17 Roberts, C. R. Brokerage Firm Fined$375,000 in Data Breach Case. The News Tribute. 2011 SANS. Risk Assessment Policy. SANS Institute 19.7(2011) : 1-8 SANS. Information Security Policy Templates. SANS Institute. 16. 5(2011) : 11-26 SANS institute. The Disaster Recovery Plan. SANS Institute. 3rd ed. (2010): 1- 14 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Management and Information Security Assignment Example | Topics and Well Written Essays - 2000 words, n.d.)
Management and Information Security Assignment Example | Topics and Well Written Essays - 2000 words. https://studentshare.org/management/2078378-management-and-information-security
(Management and Information Security Assignment Example | Topics and Well Written Essays - 2000 Words)
Management and Information Security Assignment Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/management/2078378-management-and-information-security.
“Management and Information Security Assignment Example | Topics and Well Written Essays - 2000 Words”. https://studentshare.org/management/2078378-management-and-information-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Management and Information Security

Data Governance, Quality, Integration, and Security

This paper will review data Management and Information Security practices of an organization.... Data Governance, Quality, Integration and security Name: Institution: Data Governance, Quality, Integration and security Information that is in raw, unorganized or unprocessed form representing or referring to ideas, objects and conditions is known as data (Resnik & Yarowsky, 2000).... Data, available universally and limitless in its nature, is the raw material in the information and communications technology world....
4 Pages (1000 words) Essay

Computer Security Policies

To further enhance our capabilities aside from our modern infrastructure and certified personnel, our company has started the “road map” to ISO 17799/27001 – Code of Practice for Information Security Management and Information Security Management Systems certification.... This is a globally-recognized information security certification that ensures a company practices globally-accepted and best practices in information security – all our corporate policies are based on this ISO standards....
4 Pages (1000 words) Essay

My Dreams is An Iconic IT Professional

These certificate courses have been of great effect in my daily access with network Management and Information Security operation in the required fields of my job.... All the years of my work, I was analyzing the strength in my inner- person to explore the possibilities of information technology with an addicted passion to find a support mechanism to ensure information security.... et me be humble on disclosing that I have obtained two different Board's Diploma in Information Technology and information System....
2 Pages (500 words) Admission/Application Essay

Security Best Practices

The paper also mentions some of the issues that I discussed in my paper such as physical security, vendor Management and Information Security officers.... As I search for "security best practices", several internet articles had topics on the information security officer, vendor management, as well as physical security.... The first thing that every security program should do is establish the existence of the information security Officer (Putvinski 1)....
2 Pages (500 words) Case Study

Management and Information Security - Project Management Body of Knowledge

The object of analysis for the purpose of this paper "Management and Information Security - Project Management Body of Knowledge" is the Project Management Body of Knowledge as a collection of processes and various knowledge areas which are involved in the project management discipline.... The Project management Body of Knowledge is an internationally recognized standard that provides fundamentals of project management in areas that include construction, engineering, automobile, etc....
8 Pages (2000 words) Assignment

Information and Communication Technology Management and Information Security

As the paper "Information and Communication Technology Management and Information Security" outlines, the Project Management Body of Knowledge consists of a set of procedures and various knowledge areas normally acknowledged as the most excellent practice inside the project management control.... As a globally recognized standard (IEEE Std 1490-2003) PMBOK offers the basics of project management, irrespective of the kind of project such as how it is structured, engineering, software, automotive, etc....
6 Pages (1500 words) Assignment

Information and Communication Technology Management and Information Security

This paper "Information and Communication Technology Management and Information Security" examines different categories that can be used for sensitive information answering the question of when designing a system, how does one determine how many categories are necessary.... When designing a system the determination of the number of categories needed for information security depends on the type of information that is in the organization as well as the purpose of the organization or institution....
7 Pages (1750 words) Assignment

Information Security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring

The purpose of this discussion "information security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring" is to provide the reader with a more informed understanding of the standard of due care in information security in relation to due diligence.... information security is the aspect of keeping and protecting information from unauthorized access, presentation, modification, and even destruction, which would attribute to huge losses mostly in organizations....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us