Friday, January 31, 2020
Securing and Protecting Information Essay Example for Free
Securing and Protecting Information Essay The specific purpose of this paper is to describe the authentication process and to describe how this and other information security considerations will affect the design and development process for new information systems. The authentication process is a necessity for safeguarding systems against various forms of security threats, such as password-cracking tools, brute-force or wordbook attacks, abuse of system access rights, impersonation of attested users, and last but not least reply attacks just to name a few. In addition, it is imperative that authentication policies are interchangeable with the organizations in which information is being exchanged if resources are being shared between alternative organizations. Authentication in definition is simply proof that something is real or what it is meant to be. Public networks as well as private networks to include the internet use passwords as authentication to authorize logins. Data is required and is filtered through the password database if an effort to ensure that the user is authentic. Also, before anyone is allowed to access an organizationââ¬â¢s intranet they must first be registered by someone that has the appropriate credentials to authorize them to gain access. There are plenty of businesses and alternative in the need of additional authentication methods and one method worthy of mentioning is the utilization of digital certificates issued and verified by a Certificate Authority or as commonly used the acronym CA. This process includes the creation of a strong password and an account lockout policy is created, logon hours are assigned, a ticket expiration policy is created, and clock synchronization tolerance to prevent replay attacks is set just to name some of what this process consist of. There are some things that must be taken intoà consideration when a new system is design. Securing and Protecting Information When a team is appointed to designs a new system, that team must understand that all systems are not the same and that they all have their own unique attributes in their own way but the thought process must be the same in regards to security. It is quite challenging to insure that the application integration setting functions properly in a way that does not compromise the security needs. Security is especially necessary in applications that require systems in a company to be streamlined. Integration services might lead to security breaches because of the integrated systems and the holes that may exist during the integration process. To try to alleviate this from occurring, data security should be integrated into the System Development Life Cycle (SDLC) from its beginning phase. This focuses directly on the knowledge security sections of the Syetsm Development Life Cycle. First, an outline of the key security roles and responsibilities should be addressed to insure that everyone involved knows what is expected. Second, ample data concerning the System Development Life Cycle is provided to permit anyone who is unfamiliar with the System Development Life Cycle method in order that they may grasp the connection between data security and also the System Development Life Cycle There are several ways exist that could be employed by a corporation to effectively develop a data system. A conventional System Development Life Cycle is known as a linear sequent model. The linear sequent model assumes that the systems are going to be delivered at a point near the top of its life cycle. Another SDLC technique uses the prototyping model that is commonly accustomed to development and understanding of a systemââ¬â¢s needs while not really developing a final operational system. Complicated systems need continuous additional constant development models. Securing and Protecting Information Information system policies address security threats that may be harmful to a company. Sadly, there is no way to alleviate the numerous amounts of threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping toà insure that everyone within the organization understands and behaves in an appropriate manner with regards to the fact that sensitive data and the security of software should be kept safe. When a security policy is developed, it should be well defined and the information in it should be clear and plainly understand and the objectives should be well defined so that there will be no confusion. Conversely, a data system with security policies is probably going to have an assortment of countermeasures that address a range of threats. Policies, standards, guidelines, and coaching materials that are known to be obsolete and not enforced could be dangerous to a corporation due to the data being outdated. As a result, management is basically drawn into thinking that security policies do exist within the organization when actually that is not the case. Counter measures which are outdated does not do an organization any good because without the appropriate patches in place, the organizationââ¬â¢s network could have holes which would leave them extremely vulnerable. All organizations need to be compelled to actively put their security systems to the test and in addition they could even go as far as hiring an outside firm to ping the system to see if any holes appear that could leave the companyââ¬â¢s system vulnerable. Of course there are preventive roles and measures that could and should be taken. Data security should be a crucial area of concern for small business owners. Knowledge of security compliance is no longer merely an area of financial concern Securing and Protecting Information As more and more data moves out of the file cabinet and into the electronic space, Information Technology departments will play an integral role in complying with all of the security policies. Once you take into account all the necessary information stored from economic records to customers data, it is not difficult to discover why only a single breach could seriously affect a business. With a number of basic steps and a few sensible on-line habits, youll prevent yourself from turning into simply another victim of cyber crime. (Ratha, Connell, Bolle, 2001) Some of the preventive roles and measures mentioned above are as follows: implementing sturdy strong passwords, use a mixture of capital and lower-case letters, symbols, and numbers and create it eight to twelve characters long, acquireà anti-virus/anti-malware software package, and last but not least, ensure your personal computer (PC) is properly patched and updated. It is important to mention that there is very little purpose in installing a very effective software package if it is not going to be properly maintained. As Watchinski explains, ââ¬Å"while applications arent 100% fool-proofs, its necessary to frequently update these tools to assist in keeping users safe. It is also worthy of mentioning that scheduling regular backups to AN external drive, or within the cloud, may be painless thanks to make sure that all of your knowledge is kept safely. It must also be mentioned that it is not uncommon for an unsuspecting worker to click on a link or transfer an attachment that they believe is harmless just to realize later that the link contained malicious software that has compromised the companyââ¬â¢s network. It is extremely important to teach your staff to practice safe on-line habits and beieing proactive with defense is crucial. Employees have a crucial role to play to keep your business and its knowledge secure. Securing and Protecting Information To touch on systems and devices in reference to security, security refers to providing a protection system to ADPS resources such as the central processor, memory, disk, software package programs, and most significantly data/information keep within the ADPS. As a part of the data systems security management, there are square measures peripheral devices installed so that the regulated community so to speak will listen. These peripheral devices will create an unseen threat (insider/third party threat). (Workman, Bommer, Straub, 2008) There are certain devices that appear to be harmless but could prove to cause issues such as USB devices (commonly known as flash/thumb drives), USB patch cords with mini/micro connectors, and Electronic notebooks just to name a few. In conclusion, security authentication is extremely necessary and relevant in the protection of an organizationââ¬â¢s information. References CMGT/400-Intro to Information Assurance and Security DArcy, J., Hovav, A., Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79-98 Myers, J. G. (1997). Simple authentication and security layer (SASL). Zhu, J., Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. Consumer Electronics, IEEE Transactions on, 50(1), 231- Sandhu, R., Samarati, P. (1996). Authentication, access control, and audit. ACM Computing Surveys (CSUR), 28(1), 241-243. Rocha Flores, Waldo, Egil Antonsen, and Mathias Ekstedt. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture, Computers Security, 2014.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.