Systematic Security Management - Essay Example

Summary
This essay "Systematic Security Management" discusses confidentiality of information, which means that the information is used in a particular context, and this context is known only to the right person who is authorized to use the information…

Systematic Security Management

Key characteristics of Information

  • Confidentiality
  • Integrity
  • Availability

Confidentiality: Confidentiality of information means that the information is used in a particular context, and this context is known only to the right person who is authorized to use the information. Users are not restricted from accessing the information, but it has value only to the right user. It is like letting the users as well as the general public access the same information: by changing its context and usage subjectively, it may have a different meaning to different people. To secure confidentiality, a number of measures are generally taken, which are as follows.

  • Classifying the information under different heads for storage.
  • Training the administration staff on security issues.
  • Making the storage secure by password protecting it or limiting access.
  • Providing training to the end users of information.

Integrity: Integrity means that the information remains safe as an entity. It does not lose its constituents even when it is used, updated or read by multiple users. Rights to change the information are provided only to a user who has authentic means to reach the information and a properly authorized identity, which the user discloses to the information cluster before the information is updated by that user. At this stage referential integrity also comes into the picture, as there may be multiple simultaneous users of the information, for whom the information may be valuable and usable in some context. Integrity also means that the information is the same to all accessors at any particular point of time, i.e. information should retain its integrity both over time and across users at that particular instant. Exposure to corruption, unmonitored changes and destruction brings the information to a corrupted or unauthentic state. Information can be corrupted during compilation or storage, but in most cases it happens during transmission.

Availability: Availability of information means that it is available to all users at all times, so that it can be reached by everyone and is received in an integral form. It also takes into account the positive as well as the negative users of the information. It also depends upon the place where the information has been stored and the place from which the information is being requested. Users can be a person, a group, an organization, another computer system or any web application. Availability does not mean public and open availability of information to the whole world, but only to authentic and authorized users.

Privacy: This characteristic makes the information usable only for the purposes known to the data owner. Information is not protected from observation; it can be seen by everyone, but it is usable only in the ways known to the author.

Identification: Information systems have a basic characteristic of identifying the requester of information. A system has this characteristic when it can identify the individual user when the user sends a request for the information. Authorization of an individual to the system depends upon identification and authentication of the user. Identification is the process of recognizing the user from his credentials, that is, whether this user exists or not.

Authentication: When identification of the user has been done, the next process is authentication. In identification, the system has obtained the identity of the requesting user. Now this identity is checked to determine whether this is an authentic user of the system, by making sure that the same identity is present in the user's profile in the system.

Authorization: When the process of identification and authentication is completed, it is checked that the requesting user has authorization for the requested context and has been given the authorization permissions by the proper authority. The user should have been provided with specific and explicit authorization to access the information assets.

Accountability: When a controlling system provides the assurance that all the actions taking place can be attributed to a named person or a process, the system is said to be accountable. It ensures that at least one person or process is accountable for the actions taking place on the content.

Significance of key characteristics

Today we live in a world of information, with a lot of content and information lying on internet servers distributed around the globe, so any information is useful only if its key characteristics are taken care of. If information is not confidential, a lot of important business decisions can leak from the strategic departments of the organization, which gives the organization's strategic information to the competition; this is hazardous to any organization in its financial as well as strategic pursuits. Secondly, if information packets are not uniform and integral units, the information will be useless to everyone who accesses it. In this scenario information is available to most of the users, but it has a different meaning to more than one user, or even to the same user it has different meanings at different points of time. The third characteristic of information, namely availability, is quite evident from its name. Any information loses its value and meaning if it is not available to the right person at the right time. Privacy, authentication and authorization serve to ensure the integrity, availability and security of the system. In the absence of these characteristics, information is just a collection of content which no one knows how to access, and which anyone can access without any permission from the owner of the information.

General principles guiding a firm's security architecture

It is widely recognized that computer security needs to be addressed at the management level as well as the technology level [1]. The principles which guide the security architecture of a firm can broadly be classified into two approaches, namely management of information security according to traditional management theory and according to popular management theory. In the traditional approach, it is done using planning, organizing, staffing, directing and controlling processes, and in the popular theory the principles of planning, organizing, leading and controlling are used.

Planning: As in general management, planning is the first step: making plans for the things that need to be done or the objectives to be accomplished. In this part, the objectives of the system are first decided and recorded, so that plans or strategies can be laid down to achieve those objectives. Planning can be of three types, i.e.

  • Strategic
  • Tactical
  • Operational

Organization: The process of streamlining the resources for the achievement of the objectives defined in the planning process is called organizing. It involves management of human resources and assets for the efficient use of both, to provide the best way of supporting the objectives. The following things are considered while organizing.

  • Assessment of objectives and effort by defining the work to be done
  • Laying down the order of execution and protocol for their accomplishment
  • Identifying the key person for the particular objectives
  • Defining the methods
  • Putting time constraints on the action

Leadership: Implementation of planning and controlling is encouraged and monitored by leadership. Additionally, supervision, personnel issues, employee attitude and attendance are handled by the leadership functions. Leadership is responsible for streamlining the direction of individual efforts towards the realization of the common objectives of the organization. Administration of resources, directing them, and motivation of human resources are also addressed by leadership.

Control: The process of controlling is to track the progress of activities towards the accomplishment of objectives. Checking for any variations from the plan and taking the necessary actions to make the plan run smoothly are the main activities in controlling. In controlling, critical points and processes are pinpointed at the time of planning, and while a plan is progressing, the check points are monitored and adjustments or modifications are made using the specific control tools. Following are the categories of control tools.

  • Information
  • Financial, as in budgeting
  • Operational and administrative
  • General management controlling

So these principles are taken care of while managing the information security of an organization. It needs the involvement of different levels of employees at different stages, as information security is always crucial to every business and employee participation is vital for any information security planning.

References

[1] Panko, R.R. Corporate Computer and Network Security. Prentice Hall, Upper Saddle River, New Jersey, 2004.
Security assignment IT Essay Example | Topics and Well Written Essays - 1500 words. Retrieved from https://studentshare.org/miscellaneous/1542053-security-assignment-it