Figure 1: Concept of People, Process and Technology
Attacks upon information security infrastructures have continued to evolve steadily over time, making the management of information security more complex and challenging than ever before (Deloitte East Africa, 2011).
According to best practices in information security, information security management systems should be implemented, maintained, monitored and reviewed regularly to ensure their effectiveness (Amason and Willet, 2008). The failure of an information management system is critical and would lead to losses for a university. For example, the failure of the integrated Financial Management System could bring the admission of students and the recruitment of new staff to a standstill, as this system is crucial. Failure of examination systems that p...
... middle of paper ...
...rol security measures. Mwakalinga hence concludes that security frameworks should be aligned with the major information systems security standards and mapped to reported ICT crime cases. Beaudin (2015) further notes that colleges and universities require information security policies and breach response plans in place to decrease their potential liability in the event of a breach. Ellucian (2013) confirms that cyber-attacks on colleges and universities now account for some 17 percent of all data breaches, second to the medical industry. The rise in the frequency and sophistication of data breaches and cyber-attacks on universities and colleges shows there is a need to investigate the current information security implementation. The study therefore seeks to assess information security system implementation in public universities in Kenya.
- The famous cryptographer Bruce Schneier once said that “[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Schneier, 2000). The practice of Information Security Management is employed by businesses through a variety of standards, best practices, and frameworks to combat this issue. Their adoption of best practices in the public domain allows businesses to strive for improvements through their own interpretation. These best practices are sourced from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma, or ITIL.... [tags: Information security, Security]
1160 words (3.3 pages)
- ... Each of the seven domains poses different business challenges that IT management should concentrate on or be aware of when developing IT Security Policy Frame. The first challenge is in the user domain. We must train our employees to ensure they are aware of the security policies. Employees need to understand the policies and how they align with business goals and the mission statement. Another challenge in this area is the handling of sensitive information and non-public customer identifying information.... [tags: protect, firewall, virus]
848 words (2.4 pages)
- An abundance of information security and risk management theories are prevalent; however, it can be difficult to identify valid and applicable theories. In the reading to follow, several information security and risk management theories are evaluated. These theories are presented and employed via various frameworks, models, and best practice guidelines. An assessment of sufficient research pertaining to these theories is addressed, along with a consideration of the challenges that arise from a lack of research.... [tags: it security, risk management, nist]
1902 words (5.4 pages)
The Legal Department Is Essential For Generating Profits, Effectiveness And Efficiency Of The Company Security Divisions
- Furthermore, while the productivity of the firm’s other departments is essential for generating profits, the effectiveness and efficiency of the company security divisions is vitally important for the company’s very survival. Therefore, the firm should reduce its dependency on particular professionals to the utmost. As a result, rotating professionals from the different departments is mandatory in order to ensure that a security professional is capable of executing any task entrusted to him. d) Legal Department – it is reasonable to believe that the legal department has already been established in the company.... [tags: Security, Computer security, Physical security]
945 words (2.7 pages)
- Talking about the risks that you can have on your system could cover a lot of things. One thing that could happen to your system is that it can be hacked very easily. Most computers have very weak safeguards to prevent attackers from getting access to the system. The next thing that would put you at risk is a virus attack, because the company that you are working for doesn’t want to spend the money to update their anti-virus software. A risk that you may also have is that your company does not have a qualified IT technician at the place where you work.... [tags: Computer security, Security, Information security]
1367 words (3.9 pages)
- Cloud Testing Challenges: Cloud testing techniques are still in their infancy, and there are several associated challenges, as listed below (Jain & Malhotra, 2013; Gopalakrishnan, Prakash & Ramadoss, May 2012): Cloud Service Model: A variety of service models, with clients from multiple domains, makes it very arduous for the test team to engender an optimal test matrix. For each service model, the subscriber has access to a different set of system components and hence has different use cases for testing availability, security, and performance.... [tags: Saas application, encryption testing]
820 words (2.3 pages)
- Introduction: This document will outline the policies and practices to be used and implemented in compliance with DoD specifications and standards for the contract of services to be provided to them. This report will consist of creating security controls based on auditing frameworks within the seven domains. It will also develop an information assurance (IA) plan, a list of the requirements for each of the seven domains. Department of Defense (DoD) Standards and Requirements: This project must meet the requirements of DoD security policies and standards for delivery of the technology services.... [tags: Security, Risk, Risk management, Access control]
1924 words (5.5 pages)
- Part B. Comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks. 1. Common Usage of the Framework ISO 27002: This framework is commonly used by organizations that are interested in deploying and managing an information security management system (ISMS) based on best practices. COBIT: This business framework is often used as a comprehensive IT management and governance framework. It helps with security and regulatory compliance, such as Sarbanes-Oxley. NIST: The federal information systems and organizations require FIPS Special Publication 800-53 to be in compliance with the security and privacy controls mandated by the U.S.... [tags: Information security, Security]
1284 words (3.7 pages)
- 1. Introduction: The protection of information resources has become more complex and challenging for organizations in a rapidly changing security threat setting. The adoption of cloud computing technologies by organizations, and the extensive use of internet services by customers for daily activities like bill payments, communication, banking, etc. are a few examples illustrating the shifting technological scene in organizations. The shift towards these new technologies presents new risks to an organization’s information assets.... [tags: Risk, Risk management, Management, Security]
1015 words (2.9 pages)
- Limitations of the proposed implementation: Although there are a lot of advantages of adopting a Hadoop-based approach, there are disadvantages too. In this section, I have highlighted some of the limitations that are related to the use of Hadoop. Below is a comprehensive list: 1. Security Concerns: Data security is the primary concern of a financial institution like a bank. It needs to protect its customer information, their transactional data and their unstructured data in the form of emails and social media information.... [tags: Information security, Security, Implementation]
780 words (2.2 pages)