Information assurance:
Most important aspects and considerations
By Andrew Irechukwu, Jakiha Johnson, Akil Kelly, Megan Gilliam
COSC 432 Professor Lamma
References:
Principles of Information Security, Fifth Edition
December 12, 2016
Technology has grown tremendously over the past few decades. Every day, businesses, governments, and ordinary people rely on technology for everything from banking to communicating with loved ones and business associates. Disrupting this technology can cause major losses, both monetary and in terms of information. According to Information Security Curriculum Creation: A Case Study, “A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum.” There is a strong need to secure and protect information for many reasons, and as such it is important that an undergraduate curriculum provides a comprehensive approach to teaching information security concepts to its students.
Since the beginning of the Fall 2016 semester, we have covered a great deal of information in our information assurance class. We defined information security and discussed topics such as why we need security, the legal, ethical, and professional issues involving information security, managing and mitigating risks, how to effectively plan for security, tools such as intrusion detection and prevention systems, cryptography, physical
Information assurance seeks to secure this information from unauthorized access or use. With our ever-advancing technological environment, businesses are struggling to protect themselves and the information that customers have entrusted to them, with occasional missteps serving as reminders that one can never be too careful.
Three main areas of accountability regarding information security. When discussing each area, provide an example from outside the textbook. 3-4 pages.
“… The protection of computing systems and the data that they store or access” (University). To them, computer security is important because of “Enabling people to carry out their jobs, education, and research, Supporting critical business process, Protecting personal and sensitive information” (University).
Whitman, M. E. & Mattord, H. J. (2013). Management of information security. (4th. ed). Retrieved from https://www.betheluniversityonline.net/
Defense-in-depth is a commonly cited best practices strategy for achieving Information Assurance. It is an approach to security that layers controls thus increasing security for the system as a whole (United States National Security Agency, n.d.). Security controls derive from three primary categories: Administrative, Technical/Logical, and Physical/Environmental (Harris & Kumar, 2013, p. 28). To help mature and improve information security as a process and business enabler, it is critical that organizations adapt their understanding and cogency of administrative controls. The information security market is flooded with technical solutions that fit into technical/logical control categories. As more businesses move to the Cloud, physical and environmental controls are relegated to third-parties. To achieve true Defense-in-Depth, businesses must further develop their Administrative controls and efforts. This enables the business to understand the value of security, and enables security to align with business strategy (Cano M., Ph.D, CFE, 2014, p. 51-55). This paper will examine the importance of administrative information security controls and the role they play in Defense-in-Depth strategies by discussing the maturity of security programs, discovery of security program foundations, frameworks, and process, enterprise security architecture, and the governance of information security strategies.
On December 19, 2013, the field of information technology security was forever changed when Target publicly acknowledged that hackers had breached its system and that the personal information of about 70 million customers had been stolen. This was an unprecedented event because before the breach many companies did not take IT security as seriously as they should. As the dust settled, the world witnessed what can happen when a company has a vulnerable security system. As impressive as this data breach looks from a security perspective, the enormous attack wasn’t very ingenious. A few days before Thanksgiving, malware designed to steal customers’ information from 1797 Target stores in America was installed in Target’s security and payment system. However, Target could have easily prevented this attack had they been more proactive about their security.
The academic disciplines of computer security and information assurance emerged along with numerous professional organizations – all sharing the common goals of ensuring the security and reliability of information systems.
After discussing the required material pertaining to university security, a person must understand that information security is a science that keeps changing. Therefore, universities need to keep up with the latest information from specialists and experts, not just people in academia (Viega, 2009). They also must train and educate their employees and students in information security. The
In this modern age where every bit of information is now being converted and made readily available in numerous digital formats, information security has staked a claim as one of the fastest growing fields of profession and study. A key component of information security is the CIA Triad, which stands for Confidentiality, Integrity, and Accessibility. The idea behind this is that the information being delivered to a consumer needs to be meant for the recipient, has to be consistent in nature, and has to be available as and when required (Villalba, Albuquerque, Orozco, Buiati, & Kim, 2014). However, it is not always easy to maintain a balance amongst the three of them, especially when it comes to the healthcare segment where
Within any organization, Information Security and Assurance has a huge role in protecting the network systems by all means necessary. This is why the Information Security and Assurance Department plays a key role in defeating the threats of today and the future. The first and foremost task we must execute is to conduct an analysis of the current information technology systems. Upon recognizing and discovering several issues within the organization’s existing information technology systems, we can start preparing resolutions for each and every one of them. To protect your sensitive information and systems, you must avoid a fortress mentality and be capable of adapting to an ever-changing environment (Vladimirov, Gavrilenko, & Mikhailovsky, 2010). Possessing the criterion for Information Security and Assurance with the specialization in CyberSecurity, I set forth the following proposal: The Information Security and Assurance Initiative. This program is to design, educate, and maintain an IT platform to support and answer the organization’s mission, visions, and goals without compromising the systems’ integrity and security. We will form an Information Security and Assurance Department that has the capability, experience and professionalism to bring this program to the next level without compromising the integrity and security of this organization.
Developing the skills required to ensure best practice in the Information Technology world starts here and now. Cyber-criminals, hackers, pentesters, corporate espionage, and disgruntled employees are everyday annoyances IT professionals will find themselves devoting massive amounts of time to, while maintaining their respective networks' functionality for legitimate users. The field covers all the processes and mechanisms by which computer-based equipment and information are protected from unintended or unauthorized access, modification or removal. Computer security is a critical part of technology as it grows in our daily lives.
Hence, it is important to have information and data security in place that will address the key issues for the organization. For this purpose, the information security of the given organization should be based upon certain principles that include confidentiality, availability, integrity, and accountability.
As web technology usage increases for businesses, so does the need for security. Our web presence here at Information Assurance is very important to the growth of the business. Our webservers are a crucial element of our web infrastructure, and a single vulnerability can lead to a security breach which can affect Information Assurance’s credibility. This is why we must make webserver security a high priority for our growing business. Our webserver hosts our website over the internet for client interaction. We must keep this interaction safe and secure so we don’t face the same issues we suffered from in 2001 with denial of service attacks and the defacement of our website.
In business today the business process is almost entirely run using information systems. At the end of the last millennium businesses spent an estimated five hundred billion dollars fixing the Y2K bug (Svaldi, 2000, p. 2048). This is an example of how important the information system has become to the business process. This is why information system security has become such a high priority in corporations today. Think of having a high-value company asset left out in the open for anyone to steal. This is the equivalent of an information system without proper security. An adequate and sophisticated security structure is not something that falls into place by accident; it takes strategic planning and implementation. Building security for an information system demands a broad range of expertise including cryptography, cryptographic protocols, system reliability, organizational and legislative matters (Trcek, 2000, p. 1716).
In the past few decades, personal privacy information has become one of the biggest things in the world that people pay attention to. With today's modern technology, information security has become one of the most significant careers in industry, and organizations' assets need appropriate protection of their information. It has created different types of positions in organizations and companies that can fit into a global business as a professional career. Because operating systems are used over the internet, especially on computer networks, security systems, or cellphones, businesses rely on Information Security or Information Technology to operate. So careers in the computer science or IT field are widespread worldwide. Organizations are working and practicing together to ensure that IT can understand the business requirements for security systems. The growing use of information systems increases concern and attention about information security, a profession that is viewed from many different perspectives. Therefore, this field is approached from different perspectives that provide insight into how technology systems run through businesses, becoming more important and needing the protection this profession provides.