Communications Assignment 2
INFORMATION SYSTEMS SECURITY: A PROPOSED RESEARCH TOPIC
Professor:
Submitted by Student ID
Mohit - 9
Table of contents:
1. Introduction
2. Research Question and Purpose
3. Methodology
4. Planning and organization
5. Conclusion
6. References
Introduction
Information is one of an organization’s most valuable assets. Defense of information assets is necessary to establish and develop trust between the institution and its clients, provide
In particular, small and medium enterprises (SMEs) lack security policies and governance and are therefore exposed to cyber attacks. They do not have a well-defined information security system in place, nor a mitigation policy to defend their information systems during a cyber attack. The purpose of this research proposal is to identify the effectiveness of an organization’s information systems security and the various risks involved with it. The various security policies and governance are also part of this research proposal.
RQ1- How does the IS security system used in an organization help to protect critical information?
RQ2- Is the IS security system strong enough to secure employees and customers’ information?
RQ3- What are the various risks associated with an organization’s IS security systems?
RQ4- What are the standard IS policies which an organization should adopt?
RQ5- What are the various generational differences in information security?
RQ6- What are the various mitigation policies adopted by organizations during a cyber attack?
The theoretical framework chosen for this research is the system development life cycle (SDLC). The SDLC originated in the 1960s and held that in order for IS manufacturers to build effective systems, they must follow certain steps (Lai & Tsen, 2013). These steps are
Information is the key to any organization in the world today; it is what makes an organization successful, accurate and proficient in an increasingly competitive market. Without information a company is powerless; it does not know its customers or understand them,
From the Requirements for the Corporate Computing Function, the fifth computing facility fulfillment point reads, “Meet information requirements of management” (Stallings, 2009, p. 58). Stated another way, this component of the Chief Information Officer’s (CIO) mission statement implies that company information can be used by management for a great many things. While the security of all company-owned data is immensely important to the success of the organization, some of the information carries significant value when used by
As technology grows and information has become a critical asset, companies now devote their resources and money to protecting their data, treating it as being as important as their financial and human resource assets.
The next step in the process is system analysis. This second stage involves gathering requirements, such as documenting the strengths and weaknesses of the current system and having discussions with the users to understand their roles and needs. This is an integral part of the life cycle, as employees are the most important asset a company has. Baya, Gruman, & Mathaisel state, “information technology
Information security enabled by technology must include the means of lowering the impact of intentional and unintentional errors entering the system and of preventing unauthorized internal or external access to the system; actions to reduce risk include data validation, pre-numbered forms, and reviews for duplications. It is crucial that the mission plan include the provision of a disaster recovery and business continuity plan. On the other hand, there is much more intrusion activity today than ever before. Obviously, there is an increased concern about attacks through companies’ networks in an effort to either commit malice or affect the integrity of an organization’s most valuable resource. Therefore, it is important that companies do not get complacent about their IT infrastructure security. The fact of the matter is that there is no perfect system; however, it behooves organizations to protect their information by reducing threats and vulnerabilities. Moreover, Whitman and Mattord (2010) said it best, “because of businesses and technology have become more fluid, the concept of computer security has been replaced by the concept of information security. Companies
The framework provides a roadmap for the implementation, evaluation and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management, and CIOs/CISOs should do. The framework is also flexible enough to apply to different business models. The framework's benefits are that it identifies cornerstone security practices that nearly all organizations are following and makes recommendations about where in an organization the responsibility falls. Some disadvantages of BSA's framework are that it is still a work in progress and that it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).
In today’s IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Essential to managing confidentiality and integrity are tools that aid in Identity Management or “IdM”
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests that information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value, and everyone has information they wish to keep secret, such as credit card details, trade secrets, personal information, government documents, and many more. It was stated (Securitas Operandi™, 2008) that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, that is, encrypting and decrypting data, access controls such as
Limitations of Research: Like all studies, this paper has limitations. Since information security management is a prominently growing area, the guidelines may be unstable and quick changes can happen. However, the loss can be overcome if the organization keeps its security policies clear and updates them in a timely manner.
Information security often still plays only a minor role in companies. Many companies neglect aspects such as system misuse, sabotage or even espionage. But by now reality has caught up with them. From abroad in particular, there are more hacker attacks and more espionage by competitors. Therefore, the law requires different approaches than before to ensure information security. Companies must, for example, ensure that their information-processing systems are protected and kept safe.
The realization of potential risks to an organization's information system has increased in the past few years. Understanding the principles of risk management, vulnerabilities, internal threats, and external threats is the first step in determining which levels of security are necessary to protect and limit the risks to an organization's information system. This essay will describe the principles of risk management as they pertain to the information system and its associated technology of Professional Security Training School. Moreover, this essay will include an exploration of the vulnerabilities of
Answer: Information Security is the practice of defending (guiding) information by considering the CIA Triad Principles, which are Confidentiality (Authorized access), Integrity (Accuracy and Completeness) and Availability.
It has long been accepted that constant change is fundamental to IT. While most IT managers understand that change is part of the norm, the organizations that employ them often resist it. Successful IT development calls for having a clear blueprint for proper IT direction of an organization. By using a System Development Life Cycle (SDLC) model and sound best practice methods, an IT manager can define that blueprint and make the best possible IT decisions.
While information security has many benefits in our technologically advancing environment, it also comes with its own set of issues. Three of the top issues in keeping information secure are lack of awareness, complacency, and no root cause analysis. Even more recently, we have experienced issues with information security and allegations of election hacking.