Principles of Security 5th Edition Chapter 1 Review Questions

Consider your case-study industry and the security discussions that are taking place there.  Consider the security discussions that are taking place in this seminar.  Delve into the models that have been explored and articulate what you and your colleagues think of these conceptual frameworks.  Assess the overall value of models and frameworks to your industry's security environment. Reference sources and the interview will be essential to the success of this particular assignment.

1. What are some of the emerging IT security technologies that should be considered in solving the Problem related to the case?

The evolution and understanding of the importance of information security and risk management originates from the awareness for the potential of IT in business functions and as a business enabler. This was then

Computing environments are comprised of networks, operating systems, applications, and databases (Figure 1). Information security, as a practice, focuses on securing an organizations most important

The BSIMM states that intelligence practices result in collections of knowledge to use to carry out software security activities throughout your organization (2015). The collection of security knowledge included in the intelligence domain are policy, standards, design and attack patterns in reference to a secure architecture and secure development framework within the SSF (McGraw, 2006). This domain provides the essential resources to equip the staff with the necessary training for development and delivery. McGraw (2006) traced that the topics included are security knowledge and assurance activities with retrofitting of the existing courseware to software security concepts. Moreover, the SAS stated that the secure developments standards are met in the proper deployment of the intelligence domain. According to the SAS SSF, developers work with the standards and guidelines that provide the foundation for building secure software (SAS, 2015).

To forestall the troubles produced by employee use of information systems and other assets, producing a thorough information security design is almost significant. This program will provide the system with necessary details regarding the role of the organization’s assets.

1.A brief summary of the range, contents, and argument of the article. Despite substantial investments, there are still major security weakness in today’s information systems. Cyber attacks have become more ubiquitous and make the affected organizations lose millions or dozens of millions of dollars. It is obvious that the security of the IT systems is stagnating and possibly degrading. Hence, the author summarizes four anti-patterns that, based on empirical evidence, are particularly common and detrimental to a strong security posture. Also, the article gives suggestion for organizations to overcome those anti-patterns. The four anti-patterns are shown below. First of all, decision

1. How can a security framework assist in the design and implementation of a security infrastructure?

Without proper security, businesses may suffer the potential consequences of operational risks, making the position of corporate security manager vital for their success and safety. In conducting research, I discovered the potential consequences of not securing your business, and the importance of protecting the resources contained within your business, making it apparent businesses will require those with the expertise to handle these threats. So it is without fail, corporate leaders

There are two types of management approach to the IT security function in the organization. The first is the bottom-up approach. The implementation of the IT security audit is from the grass-root level, whereby, the systems administrator and technical officers are the one making the decision on how to improve the security systems. This is advantageous because they possess technical expertise to enable them to execute these IT security functions. However, even with the best technical expertise, IT security within an organization would still be vulnerable due to lack of participation support from top management and the users of these IT systems. Another management approach is the top-down approach.

Be able to examine security from a holistic view, including threat modeling, specifications, implementation, testing, and vulnerability assessment;

“In today’s competitive business environment, information is the lifeline of many organisations. It should therefore be protected, secured and managed accordingly” (Broderick, 2001; Finne, 2000; Posthumus and Von Solms, 2004; Squara, 2000, cited in Kritzinger & Smith, 2008). The protection of that value information is called ‘information security’. Its primary goal is protect the information ensuring its availability, confidentiality and integrity (Posthumus & Von Solms, 2004; Kritzinger & Smith, 2008; Tashi & Hélie, 2009; Fuchs, Pernul & Sandhu, 2011). Information security management is also about ensuring the security of information conducting proactive management of information security risks, threats and vulnerabilities (Posthumus & Von Solms, 2004; Kritzinger & Smith, 2008)

decisions regarding how and where security should be applied to ensure a favourable outcome for the enterprise. Analysis

First thing that comes to mind when we talk about information technology (IT) security is computer security. In todays world, as we know technology is on the rise and more and more threats are accruing each day. By increasing and taking proper security measures in the world of evolving information technology has assist organizations in protecting they information assets. As society has grown more complex, the significance of sharing and securing the important resource of information has increased. However, over the past years organizations, firms, and cooperate business has suffered deeply financially and reputational destruction because of lack of information security management. In the early century large companies, firms, and corporation needed to make it the priority to ensure they data and electronic system was secured. Nowadays, technology is spreading in such a short period of time that it affects every part of our everyday life. Technology is the main source on what we rely on consistently to manage daily assignments. Keeping in this in mind, if we do not treat IT security seriously it can affect everyone. From small to large organization information technology usually points to laptop or desktop computers, switches, routers, and servers that form a computer system. Also, some additional technology equipment information technology has included are phone and voice mail systems, cellular phones, fax machines etc. There has been a high dependency on

This project provides you an opportunity to apply the competencies gained in various units of this course to identify security challenges and apply strategies of countermeasures in the information systems environment.