“Security Fundamentals” Lesson 1: Understanding Security Layers

Confidentiality, integrity, and availability (CIA) are the main goals of programs designed to protect information. The first goal, confidentiality, is an assurance that information will be safe, secure, and private. The second goal, integrity, concerns itself with the validity of the data being protected. Lastly, availability means that the protected data and resources can be accessed when they are needed. Identifying threats and risks, and understanding each of them, improves a user’s chances of keeping information secure. After identifying the risks, there are four ways to deal with them: avoidance, acceptance, mitigation, and transfer. Another way to minimize
Risk assessment and threat assessment should go hand-in-hand. The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure that sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and whether that access is required. The security audit should monitor the company’s systems and users to detect illicit activity. The security audit should
As such, our company’s people resources pose the greatest risk of a security breach. Our way to help mitigate risk in this area is to keep communication lines open and to continually mandate security knowledge training, with mandatory updates on a regular basis. When employees are informed of company policy before they face a security matter, they are better equipped to act in the best or right way. In this way knowledge is power – or at least empowerment to act in the best interest of the company’s information security.
The above stated problems are mostly related to InfoSec principles. InfoSec principles help in protecting information from unauthorized access, modification, disruption, destruction, etc. Confidentiality, integrity, availability and non-repudiation are some of the parameters which fall under InfoSec principles, and studying any security breach, such as malware attacks or the risk of hackers, in light of these parameters can help in solving the
Due to the lack of data security elements, the following recommendations are suggested: strategy and risk assessment. Overall data security begins with the identification of risks and the strategy for the solution to those risks. This can be accomplished through a Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis. Strengths and weaknesses are derived from internal factors, such as employees, while opportunities and threats are derived from external factors, such as hackers (Value Based Management, 2011).
Risk management includes the “overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what actions are cost effective to take to control these risks” (Conklin et al., 2012, p. 678). For the proper development of risk management techniques, every person at every level of the organization, especially those involved in the Information Security (IS) department, “must be actively involved in the following activities:
The main goal of information security is to protect the entire network system from loss of confidentiality, integrity, and availability. All data and information transferred and stored on the DoD system will require encryption for protection of confidentiality.
Essential to managing confidentiality and integrity are tools that aid in Identity Management or “IdM”
In order to diminish both security and privacy risks to organizations, measures need to be taken to combat risks throughout the various stages of the threat’s life cycle. Specific processes must be implemented to identify threats, procedures to follow when the attack occurs, and finally methods to recover from the attack (Houlding, 2011).
Our next step is to identify and analyze any potential logical vulnerabilities and threats that require consideration. Logical risks or threats are those that are likely to affect the information that has to be protected. Most logical vulnerabilities and threats are concerned with software or programming errors, technical failures, website intrusion and social engineering.
1. Briefly define each of the three members of the information security triad.

The Security Triad: CIA. Confidentiality: is pretty much privacy. Measures taken to ensure confidentiality are designed to prevent information from reaching the wrong people. Integrity: is the assurance that information has not been changed; basically, that the information can be trusted.
The guiding security principles in the scenario are geared to protect its assets. Its assets are information and data. The CIA triad of Confidentiality, Integrity and Availability, which is the pinnacle of information security, must always be considered when protecting these invaluable assets.
The bottom-up approach lacks support from upper management. The top-down approach offers more upper management support, more funding, and clearer planning.
An information security professional’s job is to deploy the right safeguards, evaluate risks against critical assets, and mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and taking mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals of how to systematically conduct risk assessments of the security risks of information systems.
Answer: Information Security is the practice of defending (guarding) information by considering the CIA Triad principles, which are Confidentiality (authorized access), Integrity (accuracy and completeness) and Availability.
Safety of information is the most valuable asset in any organization, particularly those who provide financial services to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them, or reduce the likelihood and impact if they should occur.