Information Security : A Comprehensive Security Framework Essay

Information Security : A Comprehensive Security Framework Essay

Length: 1097 words (3.1 double-spaced pages)

Rating: Better Essays

Open Document

Essay Preview

Institutions of higher learning are increasingly using Information and Communication systems in administration, teaching, learning and research. This infrastructure needs to be available, secure and well protected. It therefore becomes crucial for information security practitioners in public universities to implement effective information security programs. Information security focuses on technological issues and important elements of an organization such as people, process, business strategies etc., which also mandates the need for information security. A comprehensive security framework incorporates three basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of an information security framework work together to secure the environment and remain consistent with an institutions business objectives. (Mark, C.A. Wiley & A. John Wiley, 2011)

Figure 1: Concept of People, Process and Technology
Attacks upon information security infrastructures have continued to evolve steadily overtime making the management of information security more complex and challenging than ever before (Deloitte East Africa, 2011).
Information security management systems should be implemented, maintained, monitored and reviewed regularly to ensure their effectiveness. This is according to the best practices in information security. (Amason and Willet, 2008). Information management System’s failure is very critical and would lead to losses for a university. For example, the failure of the integrated Financial Management System could lead to the process of admission of students and recruitment of new staff coming to a standstill as this system crucial. Failure of examination systems that p...

... middle of paper ...

...rol security measures. Mwakalinga hence concludes that security frameworks should be aligned with the major information systems security standards and mapped with reported ICT crimes cases. Beaudin (2015) further notes that these Colleges and universities require information security policies in place, and breach response plans to ensure that they will decrease their potential liability in the event of a breach. Ellucian (2013) confirms that cyber-attacks on colleges and universities now account for some 17 percent of all data breaches, second to the medical industry. The rise in data breaches and cyber-attacks on universities and colleges in frequency and sophistication shows there is need to investigate the current information security implementation. The study therefore seeks to assess information security system implementation in public universities in Kenya.

Need Writing Help?

Get feedback on grammar, clarity, concision and logic instantly.

Check your paper »

The Practice Of Information Security Management Essay example

- The famous cryptographer Bruce Schneier once said that “[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Schneier, 2000). The practice of Information Security Management is employed by businesses through a variety of standards, best practices, and frameworks to combat this issue. Their adoption of best practices in the public domain allows businesses to strive for improvements through their own interpretation. These best practices are sourced from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma, or ITIL....   [tags: Information security, Security]

Better Essays
1160 words (3.3 pages)

IT Security Policy Framework Essay

- ... Each of the seven domains poses a different business challenges that IT management should concentrate on or be aware of when developing IT Security Policy Frame. The first challenge is in the user domain. We must train our employees to ensure they are aware of the security policies. Employees need to understand the policies and how it aligns with business goals and mission statement. Another challenge in this area is handling of sensitive information and non-public customer identifying information....   [tags: protect, firewall, virus]

Better Essays
848 words (2.4 pages)

An Evaluation of Information Security and Risk Management Theories Essay

- An abundance of information security and risk management theories are prevalent; however, it can be difficult to identify valid and applicable theories. In the reading to follow, several information security and risk management theories are evaluated. These theories are presented and employed via various frameworks, models, and best practice guidelines. An assessment of sufficient research pertaining to these theories is addressed, along with a consideration of the challenges that arise from a lack of research....   [tags: it security, risk management, nist]

Better Essays
1902 words (5.4 pages)

The Legal Department Is Essential For Generating Profits, Effectiveness And Efficiency Of The Company Security Divisions

- Furthermore, while productivity of the other firm’s department is essential for generating profits, the effectiveness and efficiency of the company security divisions is vitally important for the very company survival. Therefore, the firm should reduce its dependency on particular professionals to the utmost. As a result, rotating professionals from the different departments is mandatory in order to ensure that a security professional is capable of executing any task entrusted to him. d) Legal Department – it is reasonable to believe that the legal department has already been established in the company....   [tags: Security, Computer security, Physical security]

Better Essays
945 words (2.7 pages)

The Problem Of Using Risk Essay

- Talking about risk that you can have on your system could be a lot of things one thing that it could happened to your system it can be hacked very easily. Most computer have a very weak safe guards that would prevent attackers to get access to the system. The next thing that would put you at risk is a virus attacks, because the company that you are working for don’t want to spend the money out to update there anti-virus software. An risk that you may also have is that your company does not have a qualified IT technician at the place where you work....   [tags: Computer security, Security, Information security]

Better Essays
1367 words (3.9 pages)

Information Security and Clout Testing Challenges Essay

- Cloud Testing Challenges Cloud testing techniques are still in its infancy stage, there are several challenges associated as below (Jain & Malhotra, 2013; Gopalakrishnan, Prakash & Ramadoss, May 2012): Cloud Service Model: With a variety of service models and having clients from multiple domains makes it very arduous for test team to engender an optimal test matrix. For each service model, subscriber has access to different set of system components and hence has different use cases for testing availability, security, and performance....   [tags: Saas application, encryption testing]

Better Essays
820 words (2.3 pages)

Security Controls Based On Auditing Frameworks Within The Seven Domains Essay

- Introduction: This document will outline the policies and practices to be used and implemented in compliance with DoD specifications and standards for the contract of services to be provided to them. This report will consist of creating security controls based on auditing frameworks within the seven domains. Also to develop information assurance (IA) plan, a list of the requirements for each of the seven domains. Department of Defense (DoD) Standards and Requirements This project must meet the requirements of DoD security policies and standards for delivery of the technology services....   [tags: Security, Risk, Risk management, Access control]

Better Essays
1924 words (5.5 pages)

Importance Of Iso 27002, Cobit, Nist, And Itil Frameworks Essay

- Part B. Comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks. 1. Common Usage of the Framework ISO 27002: This framework is commonly used by organizations that are interested in deploying and managing an information security management system (ISMS) based on best practices. COBIT: This business framework is often used as a comprehensive IT management and governance framework. It helps with security and regulatory compliance, such as Sarbanes-Oxley. NIST: The federal information systems and organizations require FIPS Special Publication 800-53 to be in compliance with the security and privacy controls mandated by the U.S....   [tags: Information security, Security]

Better Essays
1284 words (3.7 pages)

Essay about Questions On The Information Resources Protection

- 1. Introduction The information resources protection has become more complex and challenging for organizations in a rapidly changing security threat setting. The adoption of cloud computing technologies by organizations, and the extensive use of internet services by customers for daily activities like bill payments, communication, banking, etc. are few examples illustrating the shifting technological scene in organizations. The shift towards these new technologies presents new risks to an organization’s information assets....   [tags: Risk, Risk management, Management, Security]

Better Essays
1015 words (2.9 pages)

Limitations Of The Proposed Implementation Essay example

- Limitations of the proposed implementation: Although there are a lot of advantages of adopting a Hadoop-based approach, there are disadvantages too. In this section, I have highlighted some of the limitations that are related to the use of Hadoop. Below is a comprehensive list: 1. Security Concerns: Data security is the primary concern of a financial institution like a bank. It needs to protect its customer information, their transactional data and their unstructured data in the form of emails and social media information....   [tags: Information security, Security, Implementation]

Better Essays
780 words (2.2 pages)