Systematic Security Management - Essay Example

Systematic Security Management Key characteristics of Information Confidentiality Integrity Availability Confidentiality: Confidentiality of the information means that the information is used pertaining to some context and this context is known only to the right person who is authorized to use the information. Users are not restricted to access the information but its value is only to the right user. It is like, letting the users as well as general public access the same information but by changing its context and usage subjectively, it may have different meaning to different people. For the security of confidentiality a number of measures are generally taken, which are as follows. Classifying the information under different heads for storage. Training the administration staff on security issues. Making the storage secure by password protecting or limiting the access. Providing trainings to the end users of information. Integrity: Integrity is being the information safe as an entity. It does not lose its constituents even by being used, updated or read by multiple users. Rights on changing the information are provided only to the user having authentic means to reach the information and proper authorized identity which is disclosed to the information cluster by the user and information is updated by user. At this stage referential integrity also comes into picture as there being multiple simultaneous users of the information for whom the information may be valuable and usable in some context. Integrity also pertains to the information being the same to all the assessors at any particular point of time i.e. information should retain its integrity both with time as well as user at that particular instance of time. Exposure to corruption, un-monitored changes and destructions disrupt the information to a corrupted or unauthentic state. Information can be corrupted while compilation or storage but in most of the cases it happens while transmission. Availability: Availability of information is that it is available for all the users at all the times, so that it can be reached by everyone and is received in an integral form. It also takes into context the positive as well as negative users of the information. It also depends upon the place where information has been stored and the place of the request from where information is being requested. Users can be a person, a group, an organization or another computer system or any web applications. Availability does not mean the public and open availability of information to the whole world but only to authentic and authorized users. Privacy: This characteristic of information makes the information usability possible only for the purposes known to the data owner. Information is not protected from observation, it can be seen by everyone but it is usable only in the ways known to the author. Identification: Information systems have a basic characteristic of identification of the information requester. A system has this characteristic when it can identify the individual user while user sends the request for the information. Authorization of an individual to the system depends upon identification and authentication of the user. Identification is the process of noticing the user from his credentials, that whether this user exists or not. Authentication: When identification of the user has been done, then the next process is authentication. In identification, system has got the identity of requesting user. Now here his identity is checked whether this is an authentic user to the system or not by making sure that the same identity is present in the user’s profile of the system. Authorization: When the process of identification and authentication is completed, it is checked that the requesting user has the authorization to the requested context and has been provided the authorization permissions from the proper authority. User should have been provided with specific and explicit authorization to access the information assets. Accountability: When a controlling system provides the assurance that all the actions taking place can be attributed to a named person or a process, the system is said to be accountable. It ensures that at least one person or process is accountable for the actions taking place on the content. Significance of key characteristics As today we live in a world of information, with lot of content and information lying on internet servers distributed on the globe. So any information is useful only if its key characteristics are taken care of. As if information is not confidential, a lot of important business decisions can leak from the strategic departments of the organization, which gives an organization’s strategic information to the competition, which is hazardous to any organization for its financial as well as strategic pursuits. Secondly if information packets are not uniform and integral units, it will be useless to all the accesses of the information. In this scenario information is available to most of the users but it has different meaning to more than one user or even to the same user, it has different meanings at different points of time. Third characteristic of information namely, Availability is quite evident from its name. Any information loses its value and meaning if it is not available to the right person at the right time. Privacy, authentication and authorization are to make sure the integrity, availability and security of the system. In the lack of these characteristics, information is just a collection of content, which no one knows how to access and anyone can access it without any permissions taken from the owner of the information General principles guiding a firm’s security architecture It is widely recognized that computer security needs to be addresses at the management level as well as the technology level. [1] The principles which guide the security architecture of a firm can broadly be classified into two approaches namely management of information security according to the traditional management theory and popular management theory. In the traditional way, it is done using planning, organizing, staffing, directing and controlling processes and in the popular theory principles of planning, organizing, leading and controlling are used. Planning: As in general management, planning is the first step for making plans for the thing needed to be done or to the objectives to be accomplished. In this part, first of all objectives of the system are decided and recorded so that the plans or strategies can be laid down to achieve those objectives. Planning can be of three types i.e. Strategic Tactical Operational Organization: The process of streamlining the resources for the achievement of objectives defined in planning process is called organizing. It involves management of human resources and assets for the efficient use of both to provide the best way of supporting the objectives. Following things are considered while organizing. Assessment of objectives and effort by defining the work to be done Laying down the order of execution and protocol for their accomplishment Identifying the key person for the particular objectives Defining the methods Putting time constraints on the action Leadership: Implementation of planning and controlling is encouraged and monitored by leadership. Additionally supervision, personnel issues, employee attitude and attendance is carried out by the leadership functions. Leadership is responsible for streamlining the direction of individual efforts to the realization of common objectives of the organization. Administration of resources, directing them and motivation activities of human resources is also addressed by leadership. Control: Process of controlling is to track the progress of activities towards the accomplishment of objectives. Checking out any variations from the planned and taking necessary actions to make the plan smoothly are the main activities in controlling. In controlling, critical points and processes are pin pointed at the time of planning and while a plan is progressing, the check points are monitored and adjustments or modifications are done using the specific control tools. Following are the categories of control tools. Information Financial as in budgeting Operational and administrative General management controlling So these principles are taken care of while managing the information security of an organization. It needs involvement of different levels of employees at different stages as information security is always crucial to every business and employee participation is vital for any information security planning. References [1] Panko, R.R. Corporate Computer and Network Security. Prantice Hall, Upper Saddle River, New Jersey, 2004. Read More