
Assessment of Technology centric Strategies for information security in an organization - Essay Example

Summary
Over the past two decades, the information systems model has changed from a centralised one with limited access to a model that is distributed in terms of how information is collected, shared and made available. This change, together with improvements in computing infrastructure, has exposed new vulnerabilities that simply were not considered before…

Extract of sample "Assessment of Technology centric Strategies for information security in an organization"

It is a "best practices" strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between the protection capability and cost, performance, and operational considerations." [National Security Agency]
Fahey (2004) graduated from the SANS GSEC course and uses their systematic approach to addressing risk through defense in depth. The SANS approach promulgates an efficient and cost-effective methodology for improving security. The organization for which he works already had a number of policies, each designed to address a multi-layered approach to IT security, such as operations security, physical security, and contingency and disaster recovery. Furthermore, external security personnel routinely came to the organization to perform security audits. He was concerned that one area which had not been addressed was:
"a systematic procedure designed to protect against electronic attacks from hackers. This was due in part to the false sense of security which comes from being behind a firewall and partly from a lack of experience in the information security field." (Fahey, 2004, p3)
In putting together a Defense in Depth security policy, one must consider the characteristics of one's adversary, the motivation behind an attack and the class of attack. An adversary may be anyone from a competitor to a hacker. They may be motivated by theft of intellectual property, denial of service or simply pride in bringing down a target. Classes of attack include passive or active monitoring of communications, identity theft or close-in attacks. Besides deliberate attacks, there may also be inadvertent attacks on the system, such as fire, flood, power outages and, most frequently, user error.
Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation. The application of these services should be based on the Protect, Detect, and React paradigm. This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools and procedures that allow them to react to and recover from these attacks. No system is perfectly secure, and it has been argued that no system needs to be. To achieve Information Assurance, focus must be balanced on three elements: People, Technology and Operations.
"Security goals have their own contradictions because confidentiality, integrity, privacy, accountability, and recovery often conflict fundamentally. For example, accountability requires a strong audit trail and end-user authentication, which conflicts with privacy needs for user anonymity." (Sandhu 2004, page 3)
Fahey's methodology for evaluating risk used the confidentiality, integrity, and availability (CIA) approach, which emphasizes the importance to the organization of a particular information asset. This approach focuses budget managers on the real threats to reputation and therefore the business's ability to survive against its competitors.
Fahey focuses on 3 security risks in his article: passwords, policies and patches. Fahey's risk assessment relies heavily on the SANS assessment of the top 20 risks for networks in 2003/4. This brings to light the ...
(“Assessment of Technology centric Strategies for information security Essay”, n.d.)
Assessment of Technology centric Strategies for information security Essay. Retrieved from https://studentshare.org/miscellaneous/1501863-assessment-of-technology-centric-strategies-for-information-security-in-an-organization