StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Key Information Security Issues - Case Study Example

Cite this document
Summary
This case study "Key Information Security Issues" presents the case scenario of Jack Doe that represents most of the internet users who are unaware of the presence of online attackers. Furthermore, it demonstrates the usefulness of information security in an organization…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92% of users find it useful

Extract of sample "Key Information Security Issues"

Information Security Student Name Institution Affiliation Information Security Introduction In an organization, the protection of information is imperative as it ensures that it is only utilized as required. Therefore, information security entails ensuring availability of data on computer systems, integrity, and confidentiality (LAM, 2017). At times the acronym CIA is used regarding information security to refer to confidentiality, integrity as well as the availability of data. The entire process goes a long way to handling risks. As such, sensitive information is protected from change, and alterations without authorization from malicious parties (LAM, 2017). In that regard, the scope report will center on Jack Doe, an employee of 3D Media Communications Ltd and what he should do to enhance the security of his work information. As the community liaison officer, he handles critical client information that should remain secure to maintain the customers, ensure his reputation and his company's. However, the report will use the assumption that Jack is not a target but rather is prone to one. With that, this report will detail key information security issues concerning Jack’s handling of his work information, associated attacks, risks, impacts of attacks, countermeasures, and mitigation effects of the countermeasures. Case Study Concept Map What Information Needs Protecting? In organizations and the society, having the right information is imperative. It allows for proper communication from the management to the subordinates and good decision making. Similarly, in organizations, the information allows employees to solve problems that require analysis of given scenarios. Also, the availability of information in society paves the way for the creation of job opportunities in different sectors (LAM, 2017). Jack Doe's scenario shows that he needs to protect various information from getting into the wrong hands. This data includes; client information in Western Australia, private business for the customers and financial transactions. This information is what Jack requires for his company to provide the relevant services to all its clients. In that case, access to it by a malicious party is a violation of the confidentiality of the information. The idea of data confidentiality infers to the discretion of particular information. In that case, Jack should find a way of protecting this information since it’s a valuable asset to his company. For instance, encryption of the data could ensure that he is the only individual who can access the information irrespective of the point of access. Associated Attacks In information security, an attack is an action initiated by one computer on another with the intention of compromising the availability of data, integrity and its confidentiality. However, there are physical attacks where the devices such as computers are stolen to acquire organizational information. With that in mind, there are various attacks that Jack Doe is prone to. For instance, data modification, eavesdropping, malware, the introduction of sniffer programs, termination of the data applications and disabling the security controls (LAM, 2017). In the event of any of these attacks, then Jack would not access his information. On the worst case scenario, he may lose it. The problem initiated with attacks is that they cause the violation of data integrity. That means that the wholesomeness of the information is lost in that some bits may be deleted or manipulated. Eventually, if the situation is not corrected, Jack might lose his entire clients since no one would like their confidential information stored in an unsecured place. Furthermore, his company will be on the line since the withdrawal of customers may mean no business for the firm. The Risks Paused by an Attack Information attackers find for vulnerabilities in their victims before launching their moves. They keep advancing their techniques from time to time to make it practically impossible to sense their presence and keep them from accessing networks. Unfortunately, even with the right information security tools, there is the possibility of an attack. One of the risks of an attack on Jack laptop is the denial of service. In this case, the MS Word and Access programs may crash when he wants to use his information. Therefore, it will be impossible to view the client information in either Microsoft Word or Access. Similarly, Jack may experience data modification as well as deletion issues. Some of the attackers may consider erasing Jack's information from his computer's hard drive when they access his network. Others may opt to plant malware and sniffer applications. As such, they can keep track of the information he has on his computer and does anything with it. The Impact of Attacks on Jacks Information The lack of implementation of security measures exposes information to attack. These attacks may be instigated through the computer network where the attacker finds access to unsecured data (Whitman, 2016). Furthermore, the fact that Jack moves with his laptop having unsecured files from work and to the internet introduces further security issues. For instance, the internet café's network may be vulnerable which may position him as a victim of the attacker of that network. First, data modification may bar his access to the client list as well as other authorized individuals in his company. Second, the issue of eavesdropping may provide the attacker with appropriate information to conduct business with the listed clients. Therefore, making Jack look as if he is moving clients from his company. Third, the issue of malware may corrupt information on Jack’s computer making it inaccessible or scrambled. In that way, he may not be in a position to conduct his business as a liaison officer. Fourth, the introduction of sniffer programs would provide the attacker with leverage against Jack. Therefore, they may decide to manipulate him for personal gains. Lastly, the disabling of security control would increase the level of Jack’s information to further attacks. Eventually. The confidentiality of information, integrity, and accessibility would be infringed. Applicable Countermeasures Fortunately, most of the information security threats have countermeasures. Therefore, the only task left is the identification of the right measures to take for instance through understanding the nature of an attack (LAM, 2017). In that way, it becomes easy to determine the level of implementing countermeasures, for instance, differentiating from the computer and network application. In this scenario, the recommendations for information security attacks are affordable and easy to effect. On the part of sniffing and spoofing, Jack may consider using complex passwords for his laptop. That would make it difficult for attackers to access his information. When dealing with the issue of malware, he should consider a reliable antivirus program which is readily available through various computer application vendors. On the matter of modifying information, it is recommended that Jack uses digital signatures, encryption, and stronger authentication to secure his work information. Finally, on the issue of denial of service, it would be advisable that he considers using bandwidth and resource throttling methods. Additionally, the validation and filtering of inputs would help on the matter of denial of service attack. In so doing, Jack would be assured of protection from common information security threats. The Relative Cost of the Identified Countermeasures In this report, the identification of information attack countermeasures is based on affordability by Jack. As identified, the methods are simple, require less implementation time, and skills. More so, it would be easy for Jack to monitor his information and scan for any malware and sniffer applications to protect his work data. Furthermore, owing to the importance of information to 3D Media Company and its clients, it is only right to secure the information. The applications of stronger authentication, encryption and digital signals is free. In this case, the cost is time, as Jack will have to continually change his password and encryption keys to guarantee his information security. However, he will have to purchase a reliable antimalware program within his budget. Mitigation effects of the Countermeasures In information security, people are always on the quest for superior protection techniques. Similarly, attackers improve their skills by the day such that they become dangerous. This field has a challenging environment as the increasing level of attacks cause people to use a lot of time implementing security measures (Zelkowitz, 2004). Similarly. Software developers continually create patches to enhance the safety of their products. All in all, mitigation measures play key in the process of information protection. First, data theft is strongly countered and in some cases eliminated. In such instances, organizations are assured that they can have peace knowing that no attacker is near their information (Whitman, 2017). Second, the time spent is struggling to find the cause of attacks is not spent in implementing better solutions. In that way, the confidentiality, integrity, as well as accessibility of organizational information, is guaranteed (Whitman, 2017). For instance, if Jack manages to secure his client information, he will be in a better position to determine the techniques that better protect his data. Lastly, the entire process of implementing information security and risk mitigation techniques enlightens an individual. In that case, Jack Doe will be aware of the importance of data security to his company, clients and as an individual. Why Practice Information Security The information held in organizations is important in decision making, analyzing trends, communication and determining strategies to implement (Zelkowitz, 2004). Therefore, the usefulness of information cannot be overlooked, but it should be protected from unauthorized parties. Data security creates awareness and everyone in an organization realizes the need for simple procedures such as creating complex passwords. As such, it becomes a culture and such as organization can implement sophisticated techniques such as network level protection. In that way, the loss of critical documents is prevented (Whitman, 2016). Similarly, firms can comfortably conduct a risk assessment to determine the areas that require reinforcement in an attempt to remain secure from outside penetration. With that, clients can be comfortable knowing that their confidentiality is certain (Zelkowitz, 2004). Eventually, that translates to more business for such a company. As such, 3D Media may adopt such a culture so that it no longer becomes the burden of a single person but the responsibility of everyone. That would ensure the accountability of each employee since they will know that they are entrusted with the duty of protecting the information they use at work. With the knowledge of information security, a firm may choose to educate its workforce or hire qualified ones. Then, the goal would be to protect its information asset as a result of the benefits of this resource. Also, strict policies will be enforced to ensure that everyone follows the right procedures as directed by the system administrator (Zelkowitz, 2004). And with that, employees can respond to attacks with intelligence rather than panic. That means, in the slightest of chances information can be salvaged when the best skills are employed. In this scenario, 3D Media would benefit greatly from enforcing the simple information security measures such as encryption, using digital signals and secure authentication (Whitman, 2017). Such a move begins with small steps before finally shifting to the complicated methods. As a result, an employee handling sensitive information such as Jack Doe would know how to protect it from attackers. At the same time, he would know that an internet café is not the best place to operate company business since the network there may be compromised. Conclusion The case scenario of Jack Doe represents most of the internet users who are unaware of the presence of online attackers. Furthermore, it demonstrates the usefulness of information security in an organization. In the society as well as companies, information is the tool that enlightens and therefore people can make sound decisions. More so, some people analyze data to find meaningful patterns that aid in creating strategies in business. As seen in this case scenario, the protection of information starts with small steps and then advances. It is more of a routine rather than a one-time thing. The reason being that the information security environment evolves and one needs to be on toes. Otherwise, they may be shocked by an attack which may compromise the integrity of their data. At the same time, attacks on organizational information are random which makes them difficult to anticipate. As seen, Jack represents a novice employee who is unaware of the dangers of unsecured information to his organization. However, his situation can be corrected by educating him on this matter. References LAM, K. W. (2017). INFORMATION AND COMMUNICATIONS SECURITY. Place of publication not identified: SPRINGER INTERNATIONAL PU. Whitman, M., & Mattord, H. J. (2017). Management of information security. Boston, MA: Cengage Learning. Whitman, M. E., & Mattord, H. J. (2016). Principles of information security. Zelkowitz, M. V. (2004). Information security. Amsterdam: Elsevier Academic Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Key Information Security Issues Report Example | Topics and Well Written Essays - 2000 words, n.d.)
Key Information Security Issues Report Example | Topics and Well Written Essays - 2000 words. https://studentshare.org/information-technology/2056023-drawing-information-security-concept-map
(Key Information Security Issues Report Example | Topics and Well Written Essays - 2000 Words)
Key Information Security Issues Report Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/2056023-drawing-information-security-concept-map.
“Key Information Security Issues Report Example | Topics and Well Written Essays - 2000 Words”. https://studentshare.org/information-technology/2056023-drawing-information-security-concept-map.
  • Cited: 0 times

CHECK THESE SAMPLES OF Key Information Security Issues

Historical Information for Minicomputer

Security Privacy Privacy is one of the main issues for any individual doing any kind of work on a computer.... Some of the main benefits of thin client computing include lower cost of ownership and maintenance, remote access to different applications, high reliability, better data security, and simplified use.... One needs to apply proper mechanisms to authorize only relevant people to access data in order to ensure optimum security.... Appropriate key management mechanisms are very necessary for maintaining the security of cryptosystem....
3 Pages (750 words) Thesis

Technology of Information Security

Technology of information security Name Institution Technology of information security Introduction The use of cryptography is a necessity for the consequence of the revolution of information in the world today.... hellip; The technique has been in existence for a long time but is not yet fully reliable thus posing a danger to all the information that is shared via the internet.... Cryptography is a very powerful and important technology that can be used to protect information sent to emails and all financial based transactions....
3 Pages (750 words) Essay

Securing and Protecting Information

Security and Protecting Information Instructor Institution Date Securing and protecting information Development of information security strategies protecting complex data and information across a wide network while also improving system performance as well as ensuring easy data retrieval when necessary is one of the most challenging tasks in network design (Dhillon, 2007).... information security includes protection of all forms of information and data including both physical and electronic forms....
3 Pages (750 words) Essay

Design Issues in the System (Security)

As per the given case study, the new system implemented in the restaurant has several issues related to the system security and user interface design.... It is pertinent to highlight and review these issues include but are not limited to the locking up of the system after receiving four incorrect either username or password, the system screen automatically gets locked after three minutes of remaining idle, the locked screen can only be opened by the particular / logged in cashier and if the cashier is not available the system is required rebooting to log in any other cashier....
5 Pages (1250 words) Essay

IPad's Security Breach

The author of the paper "iPad's security Breach" touches upon the idea of security of "iProducts".... As the text has it, controversy hit Apple's iPad or more specifically the iPad's cellular network, AT&T as a security research company, Goatse security pointed out a flaw in the security system.... nbsp;… Goatse security reported to Gawker that using a script available at AT&T's website, they were able to hack into the iPad and retrieve email addresses of possibly 11,4000 people including top celebrities, politicians, media personalities and also military personnel....
5 Pages (1250 words) Research Paper

Privacy of Information

A number of serious privacy of information security concerns have been raised as a result of this practice.... In considering the issue of privacy of information as pertains to online customer transactions, there are a number of key issues that need to be considered.... These issues include the fact that some websites can be able to automatically collect information every time that an… Other websites either plant cookies on the user's system or ask for the user to provide personal information such as name, phone number and email address before a user can be allowed to view the website's content or even become a member....
1 Pages (250 words) Assignment

Security Issues of Bitcoin

The paper "security issues of Bitcoin" discusses security problems associated with bitcoin.... Apart from these issues, there is another major concern that might affect the use of Bitcoin in the future.... he most important ethical question against Bitcoin is if this payment system can help to overcome the present issues related to hacking or is it going to open another window for socio-economic unrest.... nbsp;According to Schouwenberg, a security researcher of Kaspersky Labs, Criminals pose threat to Bitcoins because it is almost impossible to trace them after stealing Bitcoin, so it is easy to spend it after stealing....
5 Pages (1250 words) Essay

Net Work Security: Kerberos and Key Management

Since Kerberos depends on the time stamp for its security, then the time stamp must be encrypted.... ow time stamp worksBefore the time stamp starts performing, Kerberos grants a TGT to a client after accessing and checking the user name and password, whether they are the same: these they get it from information stored in the KDC database.... An authenticator is then created which contains the time stamp of the TGT (ticket), a certificate (license) and a public key....
18 Pages (4500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us