StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information and Communication Technology Management and Information Security - Assignment Example

Cite this document
Summary
As the paper "Information and Communication Technology Management and Information Security" outlines, the Project Management Body of Knowledge consists of a set of procedures and various knowledge areas normally acknowledged as the most excellent practice inside the project management control…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96% of users find it useful

Extract of sample "Information and Communication Technology Management and Information Security"

ICT MANAGEMENT AND INFORMATİON SECURİTY ICT Management and Information Security Author Author Affiliation Date Question 1 A report on one of the knowledge areas: The Project Management Body of Knowledge (PMBOK) consists of a set of procedures and various knowledge areas normally acknowledged as most excellent practice inside the project management control. Additionally, as a globally recognized standard (IEEE Std 1490-2003) it offers the basics of project management, irrespective of the kind of project such as how it is structured, engineering, software, automotive etc. In this scnario, PMBOK offers 5 fundamental procedures along with 9 knowledge different knowledge areas usually for almost all kinds of project. In addition, the fundamental ideas are appropriate to projects, plans and operations. The five fundamental procedure groups are: (Haughey, 2011) Initiating Planning Executing Monitoring and Controlling Closing In case of PMBOK we have nine knowledge areas those are outlined below: (Haughey, 2011) Project Integration Management Project Scope Management Project Time Management Project Cost Management Project Quality Management Project Human Resource Management Project Communications Management Project Risk Management Project Procurement Management Project Scope Management Plan This section discusses one of the knowledge management areas. For this purpose I have chosen project scope management plan. The project scope management plan directs explicitly to the input/output system that composed of a formal document that is employed for carrying out the functions of detailing precisely how the project scope will be described, what outlines will be assumed to build up the project scope, how the project scope will eventually be established, as well as precisely how some and the entire mechanisms of the work breakdown structure will be eventually formulated and defined. Additionally, the project scope management plan is also used to demenostrate information as well as help in determining accurately how the really scope of the project will eventually be controlled in the management procedures by the project management team and/or the project management team manager. In this scnario, the real project scope management plan, as demnostrated by majority project management parts, could be an extremely officially written document, or it could be a great deal more casually written document. However, the specific level of the document could vary wildly, relying on precisely what the requirements of the project dictate (Project Management Knowledge, 2011), (Nutek, Inc., 2011) and (project-management-knowledge, 2011). Question 2 (Some ways to understand enemy) The development team is updated all through the investigation stage of the project that establishes a beginning analysis of existing security policies or plans alongside by means of documented threats as well as linked controls. Addtionally, the analysis stage as well comprises an analysis of applicable legal issues that could influence the design of the safety solution. In addition, the analysis phase includes risk management task that as well starts in this stage (Joshi, 2010). In this scnario, risk management is the procedure of recognizing, assessing, and appraising the levels of risk affecting the business, particularly the threats to the organization’s safety as well as to the information stored as well as processed by the business (Joshi, 2010). The SecSDLC procedure engages the recognition of exact threats as well as the risks that they signify, and the following design and implementation of exact controls to counter those fears and help the organization manage those risks. Additionally, the analysis phase also encompasses the exploration in the SecSDLC, which is carried out by a threat agent that harms or steals an organization’s physical or information asset. In this scnario, the vulnerability is recognition of weakness of a controlled system in which required controls do not exist or are no longer efficient (Joshi, 2010). Some of the widespread attacks that can be identified in the analysis phase are: (Joshi, 2010) Malicious code. Hoaxes . Back doors. Password crack. Brute force. Dictionary. Denial-of-service (DoS) and distributed denial-of-service (DDoS). Spoofing Man-in-the-middle Spam Mail bombing. Sniffer Social engineering Buffer overflow Timing Moreover, the final step in analysis stage of the SecSDLC lifecycle is about knowing who is the enemy. It requires discovering a number of techniques of prioritizing the risk posed by every group of threat and its connected techniques of attack. In addition, it could be carried out by adopting threat levels from an obtainable study of threats, or by formulating our own classification of threats for our environment foundational upon the situation of analyses. Moreover, in an attempt to manage risk, project managers must be aware of the value of their information assets. Additionally, this iterative procedure has to comprise a classification as well as categorization of the entire elements of an organization’s arrangements like that procedures, people, information, software, data, hardware as well as networking fundamentals. The subsequent challenge in the analysis stage is to give importance to every information asset for every threat it faces as well as generate a list of the vulnerabilities (Joshi, 2010). Question 3 Example of a disaster recovery plan: A disaster recovery plan (DRP) is frequently recognized as a business process contingency plan (BPCP) or business continuity plan (or BCP), which is aimed at explaining how a company could be able to implement possible disasters managements strategy. Additionally, a disaster is an occasion that makes the continuance of standard functions not possible, a disaster recovery plan composed of the protection formulated as a result that influences a disaster will be reduced as well as the business will be capable to either uphold or rapidly start again mission-critical purposes. Normally, disaster recovery planning engages an analysis of business procedures as well as continuity requirements; it can as well comprise a major focus on disaster prevention (TechTarget, 2008). Additionally, the main purpose of disaster recovery planning is to defend the organization in the occasion that the entire or fraction of business or its processes and/or computer services are provided unusable. In this scenario, attentiveness is the main aspect of this strategy for the business continuity management. Additionally, the planning procedure should reduce the disturbance of operations as well as makes sure a number of level of corporate constancy and an arranged recovery later than a disaster. Other aims and objectives of disaster recovery planning are outlined below: (Wold, 2011) and (Roos, 2011) Reducing risk of delays Offering a sense of security Offering a standard for testing the plan Reducing decision-making all through the process of a disaster Assurance the reliability of reserve systems Moreover, suitable plans differ from one business to another, relying on variables like that the kind of company, the procedures comprise, and the intensity of security required. In this scenario, the disaster recovery planning can also be built inside a business or purchased as a software system or a corporate operations management service. In addition, it is not strange for a business to spend 25 percent of its information technology resources on disaster recovery. However, the compromise inside the disaster recovery business is that the majority companies are yet ill-prepared for a disaster (TechTarget, 2008). Question 4 Wxample of an enterprise information security policy. In this section I will present a enterprise information security policy for a business. For this purpose, I have chosen the business information security policy of the Kennesaw State University technology. This poicly enables the Kennesaw State University to offer minimum information for security application for resources, devices, and associated communication. This strategy is planned to offer a way University security works to make sure the integrity, confidentiality as well as availability of campus information (kennesaw State University, 2010). In fact, the information security is described as the defense of information as well as its important elements, comprising the systems and hardware that store, utilize or process, and broadcast that information. In this scnario, Kennesaw State University’s information safety model is based on accepted federal strategy as well as composed of technical education, measures and awareness, identity management and policies and procedures. Additionally, these protection along with a lot of others, perform jointly to make sure data privacy, availability as well as integrity at Kennesaw State University (kennesaw State University, 2010). In addition, University data and information assets are at risk from possible threats like that malicious or criminal act, employee error, system breakdown and natural disasters. In the same way, similar circumstances could cause harm to information resources, loss or corruption of data integrity, or the compromise of data and information privacy. In this scnario, the university information security headquarters looks for to proactively diminish the risks to electronic data and information resources in the course of application of controls to determine and stop errors previous to they happen. Moreover, the detrimental access to the Kennesaw State University enterprise information and data network uses some interference, from either an inner or outside entity, that makes some circumstances whereby verification and access control methods to avoid the privacy or integrity of information resources or provide them engaged (kennesaw State University, 2010). Question 5 Identify recent information security breaches: Accoording to various breaches surveys, the information technology has sustained to develop fast in the course of large level utilization of virtualization, cloud computing and social networks. In this scenario, the organizations both in public as well as private sector have performed extra work to recognize the risks they having, by means of 82 percent of big ones as well as 75 percent of smaller ones assessing information security dangers at the present, compared to 48 percent who did so in 2008 (Condon, 2010). In addition, the public sector corporation that owns the Nasdaq Stock Market in 2010 sated that its servers had been breached. Additionally, through normal security monitoring systems corporation detected suspicious records on the U.S. servers not linked to corporate trading systems as well as assessed that company web facing application Directors Desk was possiblly influenced (Schwartz, 2011). Furthermore, in 2011 United States Attorney Paul J. Fishman announced the arrest of "two self-sated Internet 'trolls'" for their participation in harvesting of e-mail addresses from 120,000 Apple iPad clients in June, 2010 (Claburn, 2011). References Claburn, T. (2011, January 09). Two Arrested For AT&T iPad Network Breach. Retrieved August 18, 2011, from http://www.informationweek.com/news/storage/security/229000863 Condon, R. (2010, April 28). Information Security Breaches Survey: Attacks hit new high. Retrieved August 18, 2011, from TechTarget.com: http://searchsecurity.techtarget.co.uk/news/1511048/Information-Security-Breaches-Survey-Attacks-hit-new-high Haughey, D. (2011). The Project Management Body of Knowledge (PMBOK). Retrieved August 16, 2011, from Project Smart: http://www.projectsmart.co.uk/pmbok.html Joshi, J. B. (2010). Planning for Security. Retrieved August 15, 2011, from www.sis.pitt.edu/~jjoshi/IS2820/Spring06/chapter02.doc kennesaw State University. (2010). Enterprise Information Security Policy. Retrieved August 17, 2011, from http://its.kennesaw.edu/infosec/docstore/policy/eisp.pdf Nutek, Inc. (2011). Project Management Body of Knowledge (PMBOK). Retrieved August 16, 2011, from http://nutek-us.com/PMBOK_Slides.pdf Project Management Knowledge. (2011). Project Scope Management Plan. Retrieved August 17, 2011, from http://project-management-knowledge.com/definitions/p/project-scope-management-plan/ project-management-knowledge. (2011). Project Management Knowledge Area. Retrieved August 17, 2011, from http://project-management-knowledge.com/definitions/p/project-management-knowledge-area/ Roos, D. (2011). How Disaster Recovery Plans Work. Retrieved August 17, 2011, from http://communication.howstuffworks.com/how-disaster-recovery-plans-work.htm Schwartz, M. J. (2011, February 07). Nasdaq Confirms Servers Breached . Retrieved August 16, 2011, from http://www.informationweek.com/news/security/attacks/229201276http://www.informationweek.com/news/security/attacks/229201276 TechTarget. (2008, March). disaster recovery plan (DRP). Retrieved August 16, 2011, from http://searchenterprisewan.techtarget.com/definition/disaster-recovery-plan Wold, G. H. (2011). Geoffrey H. Wold. Retrieved August 17, 2011, from http://www.drj.com/new2dr/w2_002.htm Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(ICT Management and Information Security - The Project Management Body Assignment, n.d.)
ICT Management and Information Security - The Project Management Body Assignment. https://studentshare.org/information-technology/2059054-itc358-ict-management-and-information-security
(ICT Management and Information Security - The Project Management Body Assignment)
ICT Management and Information Security - The Project Management Body Assignment. https://studentshare.org/information-technology/2059054-itc358-ict-management-and-information-security.
“ICT Management and Information Security - The Project Management Body Assignment”. https://studentshare.org/information-technology/2059054-itc358-ict-management-and-information-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information and Communication Technology Management and Information Security

Information Security Risk Assessment Framework

One, it frames the problem by stating information and communication elements of the ICS that need protection.... Computer Sciences and Information Technology Annotated Bibliography Topic: information security Risk Assessment Framework and Metrics in the South Australia Real Estate Sector.... Supervisor: information security Risk Assessment Framework and Metrics in the South Australia Real Estate Sector Australian Prudential Regulation Authority (2010) Prudential Practice Guide: PPG 234- Management of security risk in information and information technology....
15 Pages (3750 words) Annotated Bibliography

Information Security Management Issues

11 Pages (2750 words) Essay

Information Technology Security

The case study 'Information Technology security' demonstrates that computers came in and finally the Internet.... The problem is IT security.... In the 1970s, there was an increase in the usage of information technology.... hellip; information technology can perform countless tasks for the organization like capturing, storing, processing, exchanging, and using information for the company.... This essay is about the project management of an information technology application....
8 Pages (2000 words) Case Study

Information Technology Acts Paper

This act restricted companies to expose the customer information and take appropriate approval before carrying out such kind of activities.... This act also supported customer for the potential safety of their personal information and data.... hellip; However, the emergence of new technology has also created some of the ethical and security issues.... However, the emergence of new technology has also created some of the ethical and security issues....
3 Pages (750 words) Essay

Wireless technology security

Wireless Technology security A wireless network refers to the type of computer network not connected by any cables (Tse & Viswanath, 2005).... hellip; Wireless Technology security.... Wireless Technology security A wireless network refers to the type of computer network not connected by any cables (Tse & Viswanath, 2005).... This paper will discuss various wireless network types and security protocols.... Since setting up a wireless network must include means that ensure only authorized users can access and use it, the paper will also look at the security risks government and businesses run by using wireless networks with their associated security measures....
6 Pages (1500 words) Research Paper

Information and Communications Technology in Diplomacy

These include usage of intranet, on daily basis, for sharing ideas and communication.... This paper ''information and Communications Technology in Diplomacy'' discusses that foreign ministries around the world are still struggling to engage the benefits of information technology in their management of external affairs.... “information and Communications Technology” 193) Foreign ministries around the world are still struggling to engage the benefits of information technology in their management of external affairs....
8 Pages (2000 words) Literature review

The Unification of Information Security Program Management and Project Management

The breakthrough of the new technology and the aim of any organization or enterprise to achieve development and better service have pushed the unification of information security Program Management and Project Management.... As more organizations follow the trend of the new age, more and more people are learning to navigate in the field of information security so that they can supply each other the competence they need.... In light of the mentioned union, his paper will discuss the risks brought about by the new technology, the tasks to be dealt with in developing the Enterprise information security Program, and the adherence to executing risk management....
5 Pages (1250 words) Article

Information Systems and Security

The present age is the age of information technology; especially the ecommerce and communication technology has transformed the structure of business.... ne of the fundamental tools used in the information security is signature.... This research presents a detailed analysis of the "Information Systems and security".... … At the present time, there are better ways to communicate, transfer data, information retrieval as well as distribution, dealing and especially online business, but all these improvements in the fields of information technology also brought the challenges regarding the security....
8 Pages (2000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us