StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Major Categories of Information Security Controls - Article Example

Cite this document
Summary
The paper "The Major Categories of Information Security Controls" discusses computer security controls. It is divided into three major categories that simply refer to controls and they include physical, technical controls. The categories clearly state security implementation proper security…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.2% of users find it useful

Extract of sample "The Major Categories of Information Security Controls"

Business Information Systems My name Course Instructor Institution City/State Date Part A Q1. Define security, threat, exposure and vulnerability in relation to Information Systems security. Identify which components of a computer based information system must be protected by the information system security. (200 words) Computer system security is a system that puts boundaries between the firewalls and computer systems with a combination of software and hardware to limit computer system exposure to hackers (Atul 2005, p.275). The system is always connected to LAN (local area network) which connects to an internet system. Security in relation to information system is the capability of the system of protecting information with integrity and confidentiality. Computer threat refers to the possible dangers that computer data faces. In the organization, computer systems face threats like errors and omissions, theft and fraud, employee sabotage, industrial espionage, malicious hackers and malicious code (Talal & Husam 2008, p.45). Exposure is the state in which a computer system that allows attackers to gather information and also allows the attackers to hide their activities (Louise, Patrik & Péter 2006, p.788). This vulnerability is always caused by system errors that would exposure the entire system to hackers. Vulnerability is basically an exposure to the operating system or other software application component (Atul & Rex 2005, p.303). Vulnerability has been increased by the innovation of internet that has exposed most organizations to hackers. Microsoft products have been victims of internet vulnerability. Q2. Explain malware and the 3 major categories of software attacks. Include definitions of a logic bomb, back door, denial of service attack and distributed denial of service attack. (200 words) Malware is the short form for malicious software which is a computer program that is designed to damage and infiltrate computers without consent of the users (Vasileios & Diomidis 2007, p.297). Malware is an umbrella term that covers the various computer threats like worms, viruses, spyware, Trojans and rootkits. Major categories of software attacks include passive, active and distributed attacks. Logic bombs are codes that individuals insert intentionally into a particular software system that sets off malicious functions under specified conditions (Helen, Sarandis & Christos 2011, p.285). Authorized users usually install these codes. Thus, they act to reinforce back up needs. Back doors are codes that attackers insert on computer information systems to ensure unauthorized access for a longer period (Talal & Husam 2008, p.46). Attackers may install them inadvertently using Trojan horse. Thus, it is simply a means of gaining access into the information system illegally. Denial of Service Attack (DoS) is a form of attacking information systems like computers over the network (Talal & Husam 2008, p.50). In simple terms, it refers to the malicious attempt of rendering network systems unusable. However, this activity may not damage the entire system completely and it relies on various methods that take the advantage of network technology weaknesses. Distributed denial-of service (DDoS) is a computer attack that utilizes different hosts so as to overwhelm servers thus leading to a complete crash of the website system (Talal & Husam 2008, p.50). This attack is used by hackers to access large-scale and popular websites aimed at disabling them temporarily or sometimes permanently. Q3. Define and discuss the major categories of information security controls. Provide 2 examples of each. (200 words) Computer security controls is divided into three major categories that simple refers to controls and they include physical, technical and administrative controls (Tran K & Tran T 2013, p. 15). The categories clearly state security implementation proper security Physical control is simply the implementation of the security measures to deter unauthorized access into the information system (Tran K & Tran T 2013, p. 16). Physical controls include closed –circuit surveillance cameras, picture IDs, security guards, motion or systems of thermal alarm and biometrics like voice, face, iris, handwriting, and fingerprints. Technical controls on the other hand use technology as the basis of controlling access and as well as usage of sensitive data within physical structures over the network (Tran K & Tran T 2013, p. 16). Moreover, these controls exist in different scopes and adopt such technologies like encryption, smart cards, network authentication, access control lists (ACLs) and file integrity auditing software (Stefanos 2004, p.260). Administrative controls entail human security factors or measures thus they represent all personnel levels within the organization and they determine which users can access to which information and resources (Tran K & Tran T 2013, p. 16). These measures include training and awareness, recovery plans and disaster preparedness. Other measures include separation strategies, registration of the personnel as well as their accountability. These three categories entail deterrence, corrective and recovery initiatives Q4. Define a business continuity plan contrasting a cold, warm and hot site. (200 words) Business continuity plan is the document that has all critical information that the business requires to stay in the operational stage after adverse events (Joan 2004, p.63). The business continuity plan can also be the emergency plan of the organization. An organization needs an effective business continuity plan that clearly states the vital processes of the business. This document contain such information like contact list of the employees, key suppliers and vendor information, key contacts, recovery locations, companies inventory, communication venue lists and the disaster response plan. Cold site is the backup site which businesses goes to when its primary site has been destroyed, inoperable or damage (Tran & Tra2013, p.7). They are the most expensive to install and can operate within few hours. They are applicable to businesses that use internal networking and internet extensively. On the other hand, a hot site is the location where the organization resumes during the disasters and it has all vital equipment needed for the business to resume its regular activities including the backup, computer systems and jack phones (Dennis, Olivia & Brandon 2012, p.180). They are operated by different organization and not by the companies that buy and install them. Finally, warm sites are other business recovery facilities that are equipped partially with other necessary software and hardware, power supply and other communication equipment (Arthur & Quey 2006, p.348). Part B Claim Facebook fails to protect users’ privacy Data/Evidence Approximately 45000 credentials of the users were stolen by the Ramnit malware. This was put across by the security personnel that were called upon to look at security issues of the facebook site or website. On the other hand, the case study postulates that 800000 machines were infected by the virus within a short period between late of September to early December of 2011. The other important statistic or evidence is the 17/3% projection of the Symantec report that stated that these malware were from worms related to Ramnit. According to the Toulmens model of argument, the evidence presents grounds of the claim. It states the basis of the claim and gives the clear direction from which the statement comes from. From the model, it is possible to assess and evaluate the validity of the evidence that supports the basis of argument that facebook corporation has failed in safeguarding users privacy. All the evidences in this case study holds grounds since they have been authenticated with statistical figures and percentages Warrant With respect to the subject, 45000 computers that are affected by Ramnit are enough to render the situation as serious. This social medium has failed to protect its customers and relatively large numbers of their machines have been affected. On the other hand, a warrant is a postulation on the situation on the ground. If for example 45000 machines have been affected, there is high possibility that the virus will spread because the people use these machines to connect to different sites thereby leaving Ramnit to different anticipated sites. Thus, the result is damage to different organisations and businesses. The facebook management on the other hand, ascertained that most user information was rather out of date thus increasing their vulnerability to Ramnit. Thus, it is imperative to apply causal argument theory to this case. This is because the facebook users need not to be told by the management to constantly update their information. It is their wish to take precaution. In the contrary, facebook may not use this claim as a defence since the management was the designer of such a website that that does not protect its users by is rather vulnerable to potential information system threats. Backing The virus steals user passwords by hiding its activities. It is difficult to identify a malware when it operates under hidden circumstances. This is backed up by the information system security professional that was called to intervene on the Ramnit menace. Thus, this is enough backing for the claim that facebook has failed to protect users since it is a substantial evidence of the problem or issue. In addition, the other area of concern from the special technical expert team is the fact that this virus by people or hackers who are high tech but they claim that the organisation is devising ways of dealing with the problem. This simply means that Ramnit does not spread by itself but by people who take the advantage of the system’ s incapability of protecting confidential information of the users. In short, the organisation developed a system that would be vulnerable to potential cyber or internet threats. Rebuttal Rebuttal that arises from the case study is that facebook tries to shift the blame away from itself by claiming that the issue has just come into attention. This organisation is just detecting violation of the users in this website. With eminent internet threats, the company could have device ways of dealing with uncertainties like information security attacks by hackers and other internet criminals. Another classical example of a rebuttal is the advice against unique links. The corporation is trying to advice users on which links to click or not. However, it will be difficult to differentiate the bad links and good links. Thus, the management must just find best system mechanisms or structures that will best protect users from hackers Using Toulman’s model of argument, these rebuttals may represent exceptional points of the argument. In this type of argument, an idea may be put across to shift attention from the main subject thus the facebook distances itself from the claim that it is responsible for privacy violation of the users. It tries to defend itself against the claim by finally opposing the claim. Qualifier A good qualifier for this argument is the finding by researchers that paints the clear picture on how hackers use Ramnit to gain unauthorised acess into various user accounts. After accessing such accounts, the hackers recommend the infected links to friends of account owners. The result is further spreading Ramnit. Therefore, the research is a perfect qualifier for the claim (facebook has failed to protect user’s privacy. If the hackers can access information of various users, it therefore qualifies that it is incapable of protecting privacy of the users. However, Toulman refers to qualifier as the argument component that depicts the degree to which an individual vies the claim as being important or of great significance. Your Opinion This argument has confirmed that facebook did not anticipate that security issues would arise in relation to system hacking. This is because it did not put any initiative or a security system that would protect confident information of its users like private and personal information. The system design makes it vulnerable to information system attacks like malware. All of the above elements of arguments point out to the inadequacy of the facebook’s information security system to protect private accounts. People have used Ramnit to hack into different accounts. On the other hand, the corporation claims ignorant of the issue by stating that it is when the issue has come to their attention. Thus, facebook has totally failed to protect user’s privacy due the large number of computers that have been affected and the huge number of hacked accounts. References Arthur, J. C & Quey Y, 2006, ‘On security preparations against possible IS threats across industries’, Information Management & Computer Security, vol. 14, no. 4, pp.343 – 360. Atul G, Rex, H 2005, ‘Information systems security issues and decisions for small businesses: An empirical examination’, Information Management & Computer Security, vol. 13, no. 4, pp.297 – 310. Dennis, C. G, Olivia, F. L & Brandon, P. M 2012, ‘Outsourcing and replication considerations in disaster recovery planning’, Disaster Prevention and Management, vol. 21, no. 2, pp.172 – 183. Helen, K, Sarandis, M & Christos, D 2011, ‘An advanced web attack detection and prevention tool’, Information Management & Computer Security’, vol. 19, no. 5, pp.280 – 299. Joan, L. L, 2004, ‘Business continuity plans: An overview’, Journal of Investment Compliance, vol. 5, no. 2, pp.62 – 64. Louise, W, Patrik, B & Péter R 2006, ‘Information security – an application of a systems approach’, Kybernetes, vol. 35, no. 6, pp.786 – 796. Stefanos, G 2004, ‘Enhancing Web privacy and anonymity in the digital era’, Information Management & Computer Security, vol. 12, no.3, pp.255 – 287. Talal H. H & Husam, A. A. K 2008, ‘Investigating Perceived Security Threats of Computerized Accounting Information Systems An Empirical Research applied on Jordanian banking sector’, Journal of Economic and Administrative Sciences, vol. 24, no.1, pp.41 – 67. Tran K. D & Tran, T, 2013, ‘A survey on security visualization techniques for web information systems", International Journal of Web Information Systems, vol. 9, no. 1, pp.6 – 31. Vasileios, V & Diomidis, S 2007, ‘A PRoactive malware identification system based on the computer hygiene principles’, Information Management & Computer Security, vol. 15, no. 4, pp.295 – 312. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(The Major Categories of Information Security Controls Article Example | Topics and Well Written Essays - 2000 words, n.d.)
The Major Categories of Information Security Controls Article Example | Topics and Well Written Essays - 2000 words. https://studentshare.org/management/2051277-the-major-categories-of-information-security-controls
(The Major Categories of Information Security Controls Article Example | Topics and Well Written Essays - 2000 Words)
The Major Categories of Information Security Controls Article Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/management/2051277-the-major-categories-of-information-security-controls.
“The Major Categories of Information Security Controls Article Example | Topics and Well Written Essays - 2000 Words”. https://studentshare.org/management/2051277-the-major-categories-of-information-security-controls.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Major Categories of Information Security Controls

Network Security

This paper ''Network Security'' discusses that by utilizing quantitative and qualitative research methods, we will analyze different aspects of organization wide information security.... Moreover, we will focus on qualitative research on information security, tools, assessments and statistical data in some cases.... The logical security domain will cover technical controls such as deployment of IDS, Virtual LAN, monitoring violation logs, auditing on domain environment, ISA server and VPN security as well....
16 Pages (4000 words) Research Paper

Summary (Information Security Management )

To address those risks that are supposed to be unacceptable ISO/IEC 27001 suggests modeling and application of rational and comprehensive suite of information security controls.... It does not mandate specific information security controls but stops at the level of the management system.... It does not mandate specific information security controls but stops at the level of the management system.... The Operational Control section addresses security controls focusing on steps that are, broadly speaking, implemented and executed by people (as opposed to systems)....
2 Pages (500 words) Essay

Network Security

The moment any form of computer device becomes network capable or dependent of some form of network function, there is a given need for protection to safeguard the flow of information to and from the said device on a given network whether public or private or from a trusted to non-trusted source.... One of the major computing challenges in today's economy is the task of adequately securing a network - ensuring sensitive data is not compromised.... To achieve these motives or goals, they use various methods, tools, and techniques to exploit vulnerabilities in a computer system, or security policy and controls....
3 Pages (750 words) Case Study

IT Audit & Security controls at ABC Company

They can remain connected to their corporate networks to access any information required to perform their assignments.... The use of mobile devices in any organizations is expanding day by day.... Mobile device in an organization extend the boundaries of corporate networks beyond a restricted work environment to a loosely coupled, distributed platform where workers can carry and perform there assignments anytime, anywhere using various devices such as laptops, mobile devices and PDAs and communication technologies....
25 Pages (6250 words) Essay

System Security for Department of Human and Health Services

This paper "System Security for Department of Human and Health Services" focuses on the system security plan (SSP) which aims at providing an overview of federal information system security requirements as well as describing the current and planned controls for meeting the requirements.... Thus, it should be perceived as documentation of the structured process for sufficient and cost-efficient planning of security protection for a general support system or major application....
4 Pages (1000 words) Essay

Security Architecture & Design models

The management the is aiming to ensure information security should consider the following types of security architecture models.... Data classification model that facilitates wider sharing of information through ensuring that information have been given additional controls.... In the paper 'security Architecture & Design models' the author analyzes security of an information system, which is the assurance that an information system components are prevented from unauthorized entry, manipulation of data....
5 Pages (1250 words) Assignment

Web Security Importance

eb security is a branch of information security that deals with the security of websites, web applications, and web services.... International Journal of Computer Science and information security 9.... The journal details all information security matters.... Web security has become a very key component in the world of information technology.... The final report has elucidated some of these methods and procedures that have been developed all over the years as the world of information technology is open-ended and is open to so many changes as the years go by....
12 Pages (3000 words) Coursework

The Ethical Issues of Information Security

The paper "The Ethical Issues of information security " looks at the ethical issues of information security as well as the various legislations that have been made to guarantee information security to individuals as well as to organizations and the empirical theories that explain behavior.... random assessment of information security variables was used and a model was constructed with all these variables: the law, policy, and behavior.... information security is a very sensitive issue because of the ethical issues that are raised as areas of concern....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us