Key Information Security Issues - Case Study Example

Summary
This case study "Key Information Security Issues" presents the case scenario of Jack Doe that represents most of the internet users who are unaware of the presence of online attackers. Furthermore, it demonstrates the usefulness of information security in an organization…

Extract of sample "Key Information Security Issues"

Information Security

Introduction

In an organization, the protection of information is imperative as it ensures that the information is only utilized as required. Therefore, information security entails ensuring the availability, integrity, and confidentiality of data on computer systems (LAM, 2017). At times the acronym CIA is used in information security to refer to the confidentiality, integrity, and availability of data. The entire process goes a long way toward handling risks. As such, sensitive information is protected from unauthorized change and alteration by malicious parties (LAM, 2017). In that regard, the scope report will center on Jack Doe, an employee of 3D Media Communications Ltd, and what he should do to enhance the security of his work information. As the community liaison officer, he handles critical client information that should remain secure in order to retain customers and protect his reputation and his company's. However, the report will use the assumption that Jack is not a target but rather is prone to attack. With that, this report will detail key information security issues concerning Jack's handling of his work information: associated attacks, risks, impacts of attacks, countermeasures, and mitigation effects of the countermeasures.

Case Study Concept Map

What Information Needs Protecting?

In organizations and in society, having the right information is imperative. It allows for proper communication from the management to the subordinates and for good decision making. Similarly, in organizations, information allows employees to solve problems that require analysis of given scenarios. Also, the availability of information in society paves the way for the creation of job opportunities in different sectors (LAM, 2017). Jack Doe's scenario shows that he needs to protect various information from getting into the wrong hands.
This data includes client information in Western Australia, private business for the customers, and financial transactions. This information is what Jack requires for his company to provide the relevant services to all its clients. In that case, access to it by a malicious party is a violation of the confidentiality of the information. Data confidentiality refers to keeping particular information private. In that case, Jack should find a way of protecting this information since it is a valuable asset to his company. For instance, encryption of the data could ensure that he is the only individual who can access the information irrespective of the point of access.

Associated Attacks

In information security, an attack is an action initiated by one computer on another with the intention of compromising the availability, integrity, or confidentiality of data. However, there are also physical attacks, where devices such as computers are stolen to acquire organizational information. With that in mind, there are various attacks that Jack Doe is prone to: for instance, data modification, eavesdropping, malware, the introduction of sniffer programs, termination of the data applications, and disabling of the security controls (LAM, 2017). In the event of any of these attacks, Jack would not be able to access his information. In the worst-case scenario, he may lose it. The problem with attacks is that they violate data integrity. That means that the wholeness of the information is lost, in that some bits may be deleted or manipulated. Eventually, if the situation is not corrected, Jack might lose all his clients, since no one would like their confidential information stored in an unsecured place. Furthermore, his company will be on the line, since the withdrawal of customers may mean no business for the firm.

The Risks Posed by an Attack

Information attackers look for vulnerabilities in their victims before launching their moves.
They keep advancing their techniques from time to time to make it practically impossible to sense their presence and keep them from accessing networks. Unfortunately, even with the right information security tools, there is the possibility of an attack. One of the risks of an attack on Jack's laptop is denial of service. In this case, the MS Word and Access programs may crash when he wants to use his information. Therefore, it will be impossible to view the client information in either Microsoft Word or Access. Similarly, Jack may experience data modification as well as deletion issues. Some attackers may consider erasing Jack's information from his computer's hard drive when they access his network. Others may opt to plant malware and sniffer applications. As such, they can keep track of the information he has on his computer and do anything with it.

The Impact of Attacks on Jack's Information

The lack of implementation of security measures exposes information to attack. These attacks may be instigated through the computer network, where the attacker finds access to unsecured data (Whitman, 2016). Furthermore, the fact that Jack moves with his laptop, which holds unsecured files, from work to the internet café introduces further security issues. For instance, the internet café's network may be vulnerable, which may position him as a victim of an attacker on that network. First, data modification may bar his access to the client list, as well as that of other authorized individuals in his company. Second, eavesdropping may provide the attacker with the information needed to conduct business with the listed clients, making Jack look as if he is moving clients from his company. Third, malware may corrupt information on Jack's computer, making it inaccessible or scrambled. In that way, he may not be in a position to conduct his business as a liaison officer.
Fourth, the introduction of sniffer programs would provide the attacker with leverage against Jack. Therefore, they may decide to manipulate him for personal gain. Lastly, the disabling of security controls would increase the exposure of Jack's information to further attacks. Eventually, the confidentiality, integrity, and accessibility of the information would be infringed.

Applicable Countermeasures

Fortunately, most information security threats have countermeasures. Therefore, the only task left is the identification of the right measures to take, for instance through understanding the nature of an attack (LAM, 2017). In that way, it becomes easy to determine the level at which to implement countermeasures, for instance, differentiating between the computer and the network application. In this scenario, the recommendations for information security attacks are affordable and easy to effect. On the part of sniffing and spoofing, Jack may consider using complex passwords for his laptop. That would make it difficult for attackers to access his information. When dealing with the issue of malware, he should consider a reliable antivirus program, which is readily available through various computer application vendors. On the matter of modifying information, it is recommended that Jack use digital signatures, encryption, and stronger authentication to secure his work information. Finally, on the issue of denial of service, it would be advisable that he consider using bandwidth and resource throttling methods. Additionally, the validation and filtering of inputs would help on the matter of denial of service attacks. In so doing, Jack would be assured of protection from common information security threats.

The Relative Cost of the Identified Countermeasures

In this report, the identification of information attack countermeasures is based on affordability for Jack. As identified, the methods are simple and require little implementation time and skill.
Moreover, it would be easy for Jack to monitor his information and scan for any malware and sniffer applications to protect his work data. Furthermore, owing to the importance of information to 3D Media Company and its clients, it is only right to secure the information. The application of stronger authentication, encryption, and digital signatures is free. In this case, the cost is time, as Jack will have to continually change his password and encryption keys to guarantee his information security. However, he will have to purchase a reliable antimalware program within his budget.

Mitigation Effects of the Countermeasures

In information security, people are always on the quest for superior protection techniques. Similarly, attackers improve their skills by the day such that they become dangerous. This field is a challenging environment, as the increasing level of attacks causes people to spend a lot of time implementing security measures (Zelkowitz, 2004). Similarly, software developers continually create patches to enhance the safety of their products. All in all, mitigation measures play a key role in the process of information protection. First, data theft is strongly countered and in some cases eliminated. In such instances, organizations are assured that they can have peace knowing that no attacker is near their information (Whitman, 2017). Second, the time that would be spent struggling to find the cause of attacks is instead spent implementing better solutions. In that way, the confidentiality, integrity, and accessibility of organizational information are guaranteed (Whitman, 2017). For instance, if Jack manages to secure his client information, he will be in a better position to determine the techniques that better protect his data. Lastly, the entire process of implementing information security and risk mitigation techniques enlightens an individual. In that case, Jack Doe will be aware of the importance of data security to his company, to his clients, and to himself as an individual.
Why Practice Information Security

The information held in organizations is important in decision making, analyzing trends, communication, and determining strategies to implement (Zelkowitz, 2004). Therefore, the usefulness of information cannot be overlooked, and it should be protected from unauthorized parties. Data security creates awareness, and everyone in an organization realizes the need for simple procedures such as creating complex passwords. As such, it becomes a culture, and such an organization can implement sophisticated techniques such as network-level protection. In that way, the loss of critical documents is prevented (Whitman, 2016). Similarly, firms can comfortably conduct a risk assessment to determine the areas that require reinforcement in an attempt to remain secure from outside penetration. With that, clients can be comfortable knowing that their confidentiality is certain (Zelkowitz, 2004). Eventually, that translates to more business for such a company. As such, 3D Media may adopt such a culture so that security is no longer the burden of a single person but the responsibility of everyone. That would ensure the accountability of each employee, since they will know that they are entrusted with the duty of protecting the information they use at work. With the knowledge of information security, a firm may choose to educate its workforce or hire qualified staff. Then, the goal would be to protect its information assets because of the benefits of this resource. Also, strict policies will be enforced to ensure that everyone follows the right procedures as directed by the system administrator (Zelkowitz, 2004). With that, employees can respond to attacks with intelligence rather than panic. That means that, even in the slightest of chances, information can be salvaged when the best skills are employed.
In this scenario, 3D Media would benefit greatly from enforcing simple information security measures such as encryption, digital signatures, and secure authentication (Whitman, 2017). Such a move begins with small steps before finally shifting to the complicated methods. As a result, an employee handling sensitive information, such as Jack Doe, would know how to protect it from attackers. At the same time, he would know that an internet café is not the best place to operate company business, since the network there may be compromised.

Conclusion

The case scenario of Jack Doe represents most internet users, who are unaware of the presence of online attackers. Furthermore, it demonstrates the usefulness of information security in an organization. In society as well as in companies, information is the tool that enlightens, and therefore people can make sound decisions. Moreover, some people analyze data to find meaningful patterns that aid in creating business strategies. As seen in this case scenario, the protection of information starts with small steps and then advances. It is more of a routine than a one-time thing, because the information security environment evolves and one needs to be on one's toes. Otherwise, one may be shocked by an attack which may compromise the integrity of one's data. At the same time, attacks on organizational information are random, which makes them difficult to anticipate. As seen, Jack represents a novice employee who is unaware of the dangers of unsecured information to his organization. However, his situation can be corrected by educating him on this matter.

References

LAM, K. W. (2017). Information and communications security. Place of publication not identified: SPRINGER INTERNATIONAL PU.

Whitman, M., & Mattord, H. J. (2017). Management of information security. Boston, MA: Cengage Learning.

Whitman, M. E., & Mattord, H. J. (2016). Principles of information security.

Zelkowitz, M. V. (2004). Information security. Amsterdam: Elsevier Academic Press.