Information systems risk and security Essay

INFORMATION SECURITY

1.A) Integrity -This is were authorized users can access, delete and modify Information and they also preserve the consistency of the information.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Privacy -This is the protection of restricted information and identity of a client.

Implementing a security model by using the principles of privacy and integrity helps preserve the information assets of an organization. With integrity this helps to maintain the consistency of the information assets from being altered by unauthorized users. Privacy is where the personal information and identity of a client is handled securely. By personal information I mean by address, name, bank account number, and password and so on. Organizations are strongly required to take such precautions to safeguard the clients personal information they collect, process and store. This is to avoid fraud and identity theft. This also helps in preserving the organizations image to the public.

B)Defense in depth is whereby more than one layer of security is applied throughout a System. This model helps the organization to prevent security breaches and gives them an amount of time to detect where and when an attack has occurred. If an organization does not have this model to protect their assets their integrity could be destroyed, their systems could get attacked by viruses and cyber terrorism.

C)Mission objective:with the use of information security it will be effective and
Achieve maximum security to protect the computer systems
Assets of the organization.

Vision objective:the policy standards should be raised so as enforce strong
Security so as to protect the clients and make sure their
Services are very efficient and that they are getting the right
Services. Also make sure the staff understand the policies and
Improve their skills and maximise their abilities.

D)High level security approach does increase complexity. These are the factors that contribute to that:

-The organization has limited funds to implement this high level security. -Shortage of staff and security.
-Lack of knowledge and resources of how to implement the security. -If too many policies are implemented it could also increase the complexity. -Too many firewall rules could lead to a system outage or system breach. -Threats are becoming more advanced as new advanced technology is being released. -Cannot keep up with the new technologies that are constantly being released -Using the appropriate framework for the IT security.

-Conducting an audit as there might be espionage within the organization. -Time consuming if the staff is not trained properly.

2.A)Potential threats

AnalysisClassification
Not assigned access idsUnauthorised access threat – High level risk No database information of staffUnauthorised access threat – High level risk No appropriate and secure work spacePhysical threat and Unauthorised access threat – High level risk No secure internet connection to conduct private researchUnauthorised access threat and malicious misuse – High level risk Projects not assigned to the rightful staff of the right departmentAccidental threat – Medium to High level risk Vandalism to property can occurPhysical threat – high risk Property theftPhysical threat – high risk

Natural disaster can occur anytime and their assets are not well protectedPhysical threat – high risk

B)The most useful access control mechanism is both the technical control mechanism and physical control mechanism.

TECHNICAL CONTROL MECHANISM

-Encryption:it is used to protect sensitive information from being read by The public. The information can only be decrypted using a cryptographic key by authorized users only.

-Authentication:the process of identifying the validity of a user. There are Different types of authentication and these are access cards with an assigned unique id chip, biometrics where a finger print can be scanned for positive id or a retinal scan, password should be unique and constantly changed.

-Security devices:port protection device is the authorization access to the port Itself and is usually on a different authentication independent of the computer’s own access control functions.

-Identification:this where a user has some form of id to identify themselves.

PHYSICAL CONTROL MECHANISM

-Security guards:they should be specially trained as they are guarding Sensitive information to avoid any form of terrorism.

-Intrusion detection:they should put a sophisticated alarm system That they can afford for example heat sensors.

-Facility protection:they should have one entrance and exit for example They should have access cards to enter and guards to verify their identification.

-Locks and monitoring:doors should have magnetic locks and can only be open With access cards for authorized users only. There should be security cameras to monitor movements and to see if there is no suspicious activity
occurring.

C)The Bell-La Padula security model applies to this situation as sensitive information is
Protected within the computer system. Unauthorized users have no access to
Unclassified or Top Secret information as it is encrypted and they cannot modify or
Delete any information. This preserves the confidentiality of the project. This model
Can be used by the military as it has all the factors needed to protect their
Information assets.

REFERENCES:

Algosec Inc., (2012), Examining the dangers of complexity in network security environments, Algosec Survey Insights, Rosewell GA, USA.

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&ved=0CDMQFjAC&url=http%3A%2F%2Fwww.algosec.com%2Fresources%2Ffiles%2FSpecials%2FSurvey%2520files%2F12_10_11_security_complexity.pdf&ei=MT1FUpfcDYGyrgf67oDIAw&usg=AFQjCNFJnvtM_Tkybfe2sUMTAZfPTufYzA&bvm=bv.53217764,d.bmk