Information security (IS) in modern organizations is of vital importance. The modern era of technology brings certain threats to information security, but most of them come from internal factors. Enterprises address the need to safeguard information by analysing the information security risk to the business. The risk is managed by defining and implementing information security policies. The paper highlights that support from senior management is essential in almost all decisions for securing information resources. Access controls and privileges assist in information assurance. Investment in information security controls depends upon measuring the business impact of threats. The paper concludes that the security culture within an organization is the key factor that influences the successful utilization of security measures and policies. All representatives of an enterprise should be made aware of their responsibility with regard to information security, which results in framing an IS culture within the organization.
1. Introduction
Due to globalization and gains, more and more enterprises are becoming reliant on the Internet and information systems. But this comes with information security risk. Organizations have become aware of security breaches and attacks due to vulnerabilities, technical issues, etc., and are investing in IS measures (Bojanc & Jerman-Blazic, 2013).
As per Glazer (1993, as cited in Doherty & Fulford, 2005), information is a strategic asset for organizations, used in strategic planning, daily process control and judgements.
The paper provides a comprehensive study of the existing literature to sketch an unclouded picture of the vital fundamentals of protecting enterprise information assets. The paper spotlights the need for ‘gap analysis’ between ...
... middle of paper ...
...d party contracts should have security policies documented when accessing business information (Alexander et al., 2013).
Top management should be involved in and should stay with security decisions. This is critical as most decisions are for outsourcing and partner firms (Johnson & Goetz, 2007).
2.2.5 Information Security Risk management
Risk management means identifying risks, assessing their probability and then using measures to cut them down. The objective of IS risk management is to specify the relevant controls. The selection of IS controls for risk management depends upon certain factors such as initial implementation and maintenance costs, global acceptance of controls for multinational enterprises, etc. (Peltier, 2013).
Risk assessment comes under business impact analysis (BIA) and involves gauging the probability of a threat and the losses it would cause (Alexander et al., 2013).
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The major threat of the organization is securing its gigabytes of data from the prying eyes of unauthorized outsiders and insiders attempting to exceed their authority. ...
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular operating systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. The fact is that you have to patch every hole in your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg, and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
The purpose of risk management is to prevent and reduce the frequency and severity of potential losses. Loss prevention programs promote the avoidance of losses by measuring the loss frequency. Some examples are safety programs implemented to prevent workplace injuries, fire detectors, burglar alarms, and other protective devices to prevent losses caused by fire and theft. Insurance companies offer discounts to organizations or individuals taking loss prevention measures as an incentive for their participation.
A security manager position is one of the most important jobs that you will find in any organization today. Recent events over the past few decades have called for more re-amped security measures and procedures throughout facilities. The demand for this position was not the same twenty or thirty years ago. However, not every company operates on the same level, and the position of a security manager may differ from company to company.
A clear, straightforward policy in relation to operational security can often benefit the privacy and security of some businesses (“Understanding Operational Security,” 2016). As a result, Edu Corp constantly analyzes and deploys appropriate solutions to secure every company aspect relating to our operational security. By adhering to Edu Corp’s comprehensive Operational Security Policy, employees may assist in protecting and safeguarding various forms of data and critical information, as owned by Edu Corp.
The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entity's infrastructure. Subsequently, cyber warfare produces increased risk to security practitioners that employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation on established security measures, identify potential victims of identity theft, and present an examina...
Moreover, this critical review is important to the national security of America and abroad. The influence a leader and manager has on the security industry is vital. The positions are so crucial because security professionals across the board need influential leaders. It takes all kinds of security professionals to perform the demanding profession of security without fail. The 21st Century is challenging for any career choice, but for security it is an ever-changing environment.
As the first step, identifying potential risks plays a crucial role in the risk management process. The core purpose of identifying risk is to figure out the causes of risk and analyze the results caused by the risks and their probability. Hence, risk identification can begin with the source of the problem, or with the problem itself. The chosen method of identifying risk may depend on culture, industry practice and compliance. The identification
Risk mitigation is also the process of controlling actions, which are identified, and selecting the suitable ones to reduce risk according to project objectives (Pa, 2015). Risk mitigation is important in IT organizations in so many ways. According to Ahdieh, Hashemitaba, and Ow (2012), mitigation of risk provides a mechanism for managers to handle risk effectively by providing the stepwise execution of the risk handling (as cited in Pa, 2015, pg. 49). Some risks, once identified, can readily be eliminated or reduced. However, most risks are much more difficult to mitigate, particularly high-impact, low-probability risks. Therefore, risk mitigation and control need to be long-term efforts by IT project managers throughout the project lifecycle. There are three types of risk mitigation strategies that hold unique to Business Continuity and Disaster
Nowadays, information is the most treasured asset in an organization, because it, along with experience, represents the input necessary to make appropriate decisions and consequently to have success in the business. Almost all the information and knowledge related to the business processes, goods and services offered by a company is processed, managed and stored through technology and information systems; thus the security of information has become increasingly important and plays a critical role in enterprise governance.
Risk is the potential loss resulting from the balance of threat, vulnerabilities, countermeasures, and value. ...
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you with guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.