My report will be discussing and analyzing the security management at the tower. In the first part, I will give a brief about cyber security at the tower and outline its competencies. In the second part, I will discuss and analyze security management at the tower and finally I will add solutions, recommendation and end my report with conclusion and references.
In the past twenty years, almost all businesses have become more dependent on information security. The use of computer networks has also increased, not only within businesses but also between them, and between local businesses and international business in all over the world. The growing complexity of IT infrastructure means that businesses are now more vulnerable to technical failures, human faults, misuse, hackers and computer malware. This increasing complexity needs a consolidated management approach. Also, Security Management has an important relation with business activities. The main aim of security management is to supply a basic level of security, independent of external requirements security management is important to preserve the uninterrupted operation of the IT companies. Moreover, it expands Information Security Service Level Management, as it is hard to manage a great number of different SLAs than a limited number. Nowadays, many corporates deal with Information Security at the strategic level in information policy and information plans, and at the operational level by buying material and other security tools. Information Security is not a target in itself; it aims to help the interests of the business or corporates. Also, Information Security must be suitable to the needs of the information.
An effective information supply, with sufficient Info...
... middle of paper ...
...e needs and other stuff.
6- Risks such as asset, threat, vulnerability and combinations.
7- Action preference for any risk.
8- Suggested controls from the risk assessment” [2].
According to the case study, I have seen that there was no security plan at all. This thing increased the risk to the highest level. Also the IT directors and the IT staff should carry all responsibilities about all Vulnerabilities happened to the system.
This is my fourth case study and I hope you like it.
Best Regards
Mohammed Almohdar
References
[1], [2]. Stallings, W., & Brown L. (2012). Computer security: Principles and practice.
Boston, MA: Prentice Hall.
Raggad, B. (2010). Information security management : concepts and practice. Boca Raton, FL:
CRC Press/Taylor & Francis.
Tipton, H. & Nozaki, M. (2007). Information security management handbook. Boca Raton:
Auerbach Publications.
How does the creation of the Department of Homeland Security affect resources traditionally designated for local criminal justice organizations?
After the fear of terrorism grew in the United States do to the Al Qaeda 9/11 attacks on the World Trade Center and Pentagon, the US Government found a need for a centralized department that umbrellas all other agencies when it comes to homeland security. The U.S. Government found this umbrella agency with the passage of the Homeland Security Act by Congress in November 2002, the Department of Homeland Security formally came into being as a stand-alone, Cabinet-level department to further coordinate and unify national homeland security efforts. (Homeland Security) With the creation of the new Department of Homeland Security (DHS) the government had a pinpoint location for the collection and gathering of intelligence, control of policies that effect national security, and a no fail mission. The Department of Homeland Security started to engulf other agencies and created many more, a total of 22 agencies now fall under the DHS. The DHS is control of all areas that deal with national security which included but are not limited to coastal and boarder protection, domestic terrorism, international terrorism, protection of the American people, protection of key infrastructure, protection of key resources and respond to natural disasters.
This assignment looks at the importance of safeguarding and how practitioners and agencies should be involved to help prevent any risks when dealing with a vulnerable adult. The case study is about a 22 year old vulnerable adult called Andrew who has been diagnosed with autism. According to (Autism.org.uk, 2017) Autism is a complex developmental disability that usually affects children during early childhood. It is a condition that can affect communication, behavior, social interactions and how people experience and interact in the general word around them.
On September 11, 2001, twenty Arab men boarded four different airplanes with the intent of attacking our country. They boarded the planes with the intent of causing tremendous damage to New York City and Washington, D.C. Two planes crashed into each tower of the World Trade Center, one plane crashed into the Pentagon, and the last plane crashed into a Pennsylvanian field. These twenty men cut short over 3000 lives. The innocent people that died had no need to have their lives taken in the way that they were. However, they lost their lives because they were American, and to the terrorists, they stood for certain principles.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Program will use a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures that address security objectives in tandem with business and operational considerations. The Information Security Program will develop policies to define protection and management objectives for information assets. The Information Security Program will also define acceptable use of PCS information assets. The Information Security Program will attempt to reduce vulnerabilities by developing policies to monitor, identify, assess, prioritize, and manage vulnerabilities and threats. The management activities will support organizational objectives for mitigating, responding to and recovering from identified vulnerabilities and threats.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Does the thought of going through airport security make you want to jump off a bridge? Some people may think that security in airports is either too strict, or it is not enforced enough. Airport security has certainly developed over time, both in terms of more technology, and in terms of increased security. It has had a lot of reasons to step up, both with terrorist attacks, and with other incidents, such as the way that explosive technology has evolved. The topic of airport security is a big debate: is it too strict or not strict enough? It is important that people know and understand both sides of this important issue.
Vulnerability is a weakness in a security system. A threat is a set of circumstances that has the potential to cause loss or harm. How do we address the problems of threats and vulnerabilities? We use control as a defensive method. Control is an action, device, procedure, or technique that removes or reduces vulnerability. (Pfleeger & Pfleeger, 2007)It is essential to have adequately qualified IT personnel on the security team to properly monitor the network’s activity log because this log records the activities occurring in an organization’s systems and on its networks.
Solution: The organization should put in place a competent incident response team, continuously update their security
In order to have an effective physical security program you need to know what you are protecting and why you are protecting it. Physical Security encompasses the protection of people, places, things, and data. Protecting each of these elements requires different pieces of equipment or different avenues but the philosophy of the protection is the same. In this I mean that you are protecting from unauthorized access to the places, people, things, and data.
Nowadays, the information is the most treasured asset in an organization, due to it along with the experience represents the input necessary to take appropriate decisions and consequently to have success in the business. Almost all the information and knowledge related with the processes business, goods and services offered by a company, is processed, managed and stored through technology and information systems, thus the security of information has become increasingly important and plays a critical role in the enterprise government.
This report aim to explain how is achieved risk control through strategies and through security management of information.
Network management planning and security planning involves identifying the best and most appropriate systems and hardware that the firm can use to better manage network and plan security systems. Therefore, the management required me to examine the best software and hardware systems in the market place that the company can adopt to enable it to manage the network and security. The management required me to advice on the implementation procedure of various plans that are going to be adopted. My responsibility also involved finding out or predicting the impact of the plan on the future operations. They required me to evaluate the challenges the company might face while adopting the changes in the network management plan and security plans.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.