
Assessment of Technology centric Strategies for information security in an organization - Essay Example

Extract of sample

"It is a "best practices" strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between the protection capability and cost, performance, and operational considerations." [National Security Agency]
Fahey (2004) graduated from the SANS GSEC course and uses their systematic approach to addressing risk through defense in depth. The SANS approach promulgates an efficient and cost-effective methodology for improving security. The organization for which he works already had a number of policies, each designed to address a multi-layered approach to IT security, such as operations security, physical security, and contingency and disaster recovery. Furthermore, external security personnel routinely came to the organization to perform security audits. He was concerned that one area which had not been addressed was:
"a systematic procedure designed to protect against electronic attacks from hackers. This was due in part to the false sense of security which comes from being behind a firewall and partly from a lack of experience in the information security field." (Fahey, 2004, p3)
In putting together a Defense in Depth security policy, one must consider the characteristics of one's adversary, the motivation behind an attack and the class of attack. An adversary may be anyone from a competitor to a hacker. They may be motivated by theft of intellectual property, denial of service or simply pride in bringing down a target. Classes of attack include passive or active monitoring of communications, identity theft or close-in attacks. Besides deliberate attacks, there may also be inadvertent attacks on the system, such as fire, flood, power outages and, most frequently, user error.

Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation. The application of these services should be based on the Protect, Detect, and React paradigm. This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools and procedures that allow them to react to and recover from these attacks. No system is perfectly secure, and it has been argued that no system needs to be. To achieve Information Assurance, focus must be balanced across three elements: People, Technology and Operations.

"Security goals have their own contradictions because confidentiality, integrity, privacy, accountability, and recovery often conflict fundamentally. For example, accountability requires a strong audit trail and end-user authentication, which conflicts with privacy needs for user anonymity." (Sandhu 2004, page 3)

Fahey's methodology for evaluating risk used the confidentiality, integrity, and availability (CIA) approach, which emphasizes the importance to the organization of a particular information asset. This approach focuses budget managers on the real threats to reputation and therefore the business' ability to survive against its competitors.

Fahey focuses on 3 security risks in his article: passwords, policies and patches. Fahey's risk assessment relies heavily on the SANS assessment of the top 20 risks for networks in 2003/4. This brings to light the ...

Summary

Over the past two decades, the information systems model has changed from a centralised one with limited access to a model that is distributed in terms of how information is collected, shared and made available. This change, together with improvements in computing infrastructure, has exposed new vulnerabilities that simply were not considered before…
Author : qschumm