Risk And Risk In Information Security

Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value and everyone has information they wish to keep secret. Information such as credit card details, trade secrets, personal information, government documents, and many more. It was stated (Securitas Operandi™, 2008) that, we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, which is, encrypting and decrypting data, access controls such as

Information security enabled by technology must include the means of lowering the impact of intentional and unintentional errors entering the system and to prevent unauthorized internally or externally accessing the system  actions to reduce risk data validation, pre-numbered forms, and reviews for duplications. It is crucial that the mission plan include the provision of a disaster recovery and business continuity plan. On the other hand, there is much more intrusion activity today than ever before. Obviously, there is an increased concern for attacks through companies’ network in an effort to either commit malice or affect the integrity of an organization’s most valuable resource. Therefore, it is important that companies do not get complacent in their IT infrastructure security. The fact of the matter, there is no perfect system; however, it behooves organizations to protect their information by way of reducing threats and vulnerabilities. Moreover, Whitman and Mattord (2010) said it best, “because of businesses and technology have become more fluid, the concept of computer security has been replaced by the concept of information security. Companies

Data security is not just imperative to consumers whose information is stored; it is also significant to the organizations who store this information. A failure to secure information can impede a business in a number of ways. Losing information that gives an organization a competitive advantage can lead the destruction of; and cause consumers to abandon the organization and seek out another organization to do business with.

Businesses are becoming ever more dependent on digital information and electronic transactions, and as a result face stringent data privacy compliance challenges and data security regulations. With the enterprise increasingly under threat of cyber attacks and malicious insiders, business applications and networks are now dependent on the use of digital credentials to control how users and entities access sensitive data and critical system resources.

To begin with, I started with two courses in the EMSISS program - ISOL 633 - Legal Regulations, Compliance, and Investigation and ISOL 533- Information Security and Risk Management. I also got an internship opportunity of a part time CPT with Sapot Systems Inc as a Software Engineer. The knowledge and interest I had along with these courses, helped me to go that extra mile in my day to day job responsibility.

Confidentiality, Integrity and Availability are the three hardest aspects to preserve in information Security. Confidentiality, being the most important aspect, is the prevention of unauthorized disclosure of information. Integrity protects the information within the document by making certain that only authorized users and parties can modify the information. Lastly availability insures that information and services are available when needed. These three aspects form a bond between companies and consumers insuring the information is in safe hands. However, IT systems and networks are prone to more malicious attacks then ever before and the number of computer crimes is increasing every day. Examples include Hacking, Viruses and vulnerabilities,

“Businesses, governments, and other organizations face a wide array of information security risks. Some threaten the confidentiality of private information, some threaten the integrity of data and operations, and still others threaten to disrupt availability of critical systems” (Sullivan, 2009). Since such security risks are always going to present in the cyber world, businesses and organizations need to fully be aware of any vulnerabilities in their systems. The initial realization of any organization’s vulnerability can only

An important consideration of an information or operating system of a business or organization is to have a security system that protects information, data, and integrity of the company’s sensitive information and records. If a business or company does not have adequate security, financial, sensitive, and classified information may be compromised and prone to possible viruses and malware, hacking, or at risk of a cyber-attack to the company’s data resulting in possible

Traditionally, IT (Information Technology) security focused on securing the IT assets within the organization’s IT framework. However, with the advent of smart mobile devices, cloud computing, and remote connectivity, the IT landscape has changed dramatically in the last few decades. With these changes, the frequency of attacks by cyber criminals has increased as well. We constantly hear news reports of large-scale cyber attacks targeting financial, government and healthcare organizations. Moreover, the type of attacks has evolved to become more sophisticated and untraceable, making it difficult for security analysts to keep up with the every changing technological demands of creating and maintaining an effective security. This has now led many security experts to believe that having an effective defense mechanism in place is a much viable option than to be reactive to threats. This also makes sense from a business perspective. Companies want their IT investments to further their business goals and not to be constrained too much by focusing heavily on IT security, which could potentially lead to an increase in operational costs to tackle security issues.

Traditionally, IT (Information Technology) security focused on securing the IT assets within the organization’s IT framework. However, with the advent of smart mobile devices, cloud computing, and remote connectivity, the IT landscape has changed dramatically in the last few decades. With these changes, the frequency of attacks by cyber criminals has increased as well. We constantly hear news reports of large-scale cyber attacks targeting financial, government and healthcare organizations. Moreover, the type of attacks have evolved to become more sophisticated and untraceable, making it difficult for security analysts to keep up with the every changing technological demands to successful prevent, analyze and thwart security attacks. This has now led many security experts to believe that having an effective defense mechanism in place is a much viable option than to be reactive to threats. This also makes sense from a business perspective. Companies want their IT investments to further their business goals and not to be constrained too much by focusing heavily on IT security, which could potentially lead to an increase in operational costs to tackle security issues.

While it lessens the burden on organizations, reducing and shifting the cost and risk of its IT operation, security and management issues to an external service provider or vendor, outsourcing any portions of an organization's Information System has significant risks that can sometimes become detrimental to the outsourced organization. According to the Commission on Government Outsourcing, "when outsourcing an organization exposes itself to significant risks in terms of security, accuracy, and completeness of information (Holroyd City Council, 2008)". Comprised in the rest of this document is an

The present Information Security technology seems insufficient to totally deal with all the ICT problems of the organization. As per Bob Blakley, Ellen McDermott and Dan Geer, the present security technology available doesn’t reduce the risk very effectively (Blakley, McDermott, & Geer, 2002). A need is imminent to totally revamp the approach if the Organizations aspire to deal effectively with the problem. Information Security is essential because the technology used for processing data and generating information creates risks.

These are used by organisations and charities wishing to exterminate the possible risks by assembly information security risk assessment (information security risk assessment). The ISRA is able to resolve the amount of the potential risk associated with an IT system. An ISRA method identifies an organization 's security risks and provides a measured analysed security risk profile of critical assets in order to build plans to treat the risks hand would beneficial in health and social care to insure things are protected. (Syalim et al., 2009).

Pressures are mounting for organizations to implement encryption solutions. With the staggering costs of data loss, encryption projects are on the rise. Using encryption as a tool to protect information and prevent data loss is certainly not a new tactic. Data breaches are happening every day, around the world. So why is it important today? Using encryption as a tool to protect information and prevent data loss is not a new tactic (Skinner , Eric, 2008) . There are many reasons now that make encryption more important than ever. Data being breached is happening everyday around the world. There isn’t a day that doesn’t go by that I don’t hear something in the news about something being breached. Or information being leaked and every year breaches are becoming more costly. There are several types of data encryption used in today’s world. Some of these are file and folder encryption, e-mail encryption, full-disk encryption, mobile data encryption, cloud encryption, and application encryption.

Information security professional’s job is to deploy the right safeguards, evaluating risks against critical assets and to mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals on how to systematically conduct risk assessments on the security risks of information systems.