Why/How to create an Information Assurance
Just as the availability of and access to information is paramount in every company or business outfit, certain concerns always come to the fore: What kind of information is to be made? How is the information going to be organized? How will it be possible to ensure that the information released represents the judgment of the management of the company and gives assurance that the very information required is available?
This document contains the solutions to the concerns mentioned above: an Information Assurance Program is necessary in every organization. This project explains why an information assurance program is needed in every viable company and also explores ways it can be effected, integrated into the organization and organized. The program encompasses different models, which span from finding the reason why such a program is needed to analyzing whether the finding is practicable. It then takes the next leap by prioritizing the analyzed needs of the case study organization.
There are many models, but not all are applicable to the case study organization, as spelt out in later chapters of this write-up. The models examined in this project are such that they work for any organization that is keen on updating and strengthening its information assurance by engaging in the program suggested in this project.
Table of Contents
Principles of Information Assurance
Approaches to Information Assurance
Processes of Information Assurance
Ensuring an Effective Management Change
Software Development -- Compliance with CMMI
Developing Information System to Suit the Case Organization
Information System Security Standards
Information System Security Models
Preparing the Information System Operators for better Operations
Cost Analysis of Undertaking Information System Security
To better understand the concept of an Information Assurance program in a company setting, the meanings of 'information' and 'assurance' need mentioning. According to the Cambridge online dictionary, information is defined as facts about a situation, person or thing, while assurance is defined as a promise. In a company setting, a promise is made that information will be available in an organized manner.
Information Assurance refers to a process that starts with what strategy should be employed, an outlay of the high-level risk that can be tolerated by the company and the likely rewards that can be gained from such a strategy. Security in the workplace is a complex matter in which many issues vie for attention. A model must be established which will serve as the hallmark for other IT workers to follow. The procedure of information assurance is such that there must be responsibility, transferability and storage of data. The stored data must be protected, and for that to be enshrined, certain models must be followed. Amongst the models construed by the government, the most notable one is called the "Triad Model". This is based on the principles of confidentiality, integrity and availability. These principles still form the building blocks of information security. In a case study organization, these principles apply to every information and data management strategy in all departments of the organization. Other models, of course, are also useful, but for the sake of the case study organization, the "Hexad" and "Triad" Models shall be fully considered (SACA, 2006; Thomas, 2001).
Principles of Information Assurance
Confidentiality, as an aspect of the triad model, spells out the level of access anyone has to certain information and the permission level. For information to be accorded any manner of confidentiality, it must be really private and confidential in nature. It is a principle based on company ethics where dissemination of unrestricted information to a third party is disallowed. Certain restrictions are usually placed on permission to access information without authorization. It can also be said to be the cornerstone of information security in today's business corporation (Harwood, 2006).
Integrity is another ingredient of security and assurance. It refers to being accurate and consistent in data handling without any problems occurring due to changes in an updated version of the data. It can also mean that the information is not tampered with, meaning that it is whole (Parker, 2000).
Through the use of standard rules and regulations, integrity is forced on the database during its design. It is important to consider that while trying to enforce integrity, unprecedented loopholes are inevitable but could be minimized by the following methods:
Regular data back-up
Designing the database with the ability to detect invalid data input
Controlling data flow and access by certain security mechanisms
Using software that checks for and corrects errors
Installing software that disallows alteration of data without permission
Making sure that only authenticated persons check the final information for verification
Availability is viewed from two dimensions: the Security Model and the Information Assurance Model. According to the former, it is when users or people are allowed access to a computer network in their bid to access information, while in the latter, availability refers to when a user is allowed access to the power supply of a networked system serving as a server of information.
Although not part of the 'triad model', authenticity is an extremely important principle of information assurance. There is always a concern about 'rightful access' to certain information in an organization. Authenticity refers to the right a person has to send or receive information. Rightful access is ensured when authenticity is ensured in an organization.
Authorization refers to a set of instructions given to software to grant access only to the person who is permitted to view, alter and work with the information. This ensures that there is no information leakage or loss of information in transit. There are different levels of this authorization; it could be high or low level authorization. High level authorization allows the respective personnel to access the information without much scrutiny. On the other hand, if a person has low level access, then he will be allowed only to view the information without actually altering anything in it. This serves to disallow abuse of the authorization (Thomas, 2001).
As mentioned earlier, several models exist for different organizations, of which the shortlisted one proves to work on the case study organization. Many models have evolved through decades of use, while some are mere updated versions of the old ones. Over the years and from use, some approaches have come into existence which have a direct relation to the data management and application development of the case study organization. In order to have secure information and minimize or tackle data management breaches, these levels of security are needed: physical security, communication security, operation security, system reliability, system safety, information security and operations security. Ensuring that these security levels are adhered to serves to prevent the abuses that may occur from uncontrolled access. It also prevents loss of information that can result from human error or malfunctioning hardware. The case study organization is encouraged to observe these security levels.
Approaches to Information Assurance
To ensure protection of the information stored on the database of the computer, established security levels are necessary, as mentioned earlier. These prevent data breaches, tampering with information and data loss.
Simply put, physical security is protecting the computer hardware and its peripherals from damage and theft so as to avoid loss of data and/or disruption in the operation of such a computer.
With reference to the principles of information assurance, which among others are confidentiality, availability and integrity, communication security involves a collaborative effort among the engineers in the IT department to ensure that information in the form of data that is transmitted between computer networks remains confidential and protected from prying eyes. Confidentiality is ensured when the information sent is only decipherable to the person it was meant for. The data sent is considered available and credible if received within the required time irrespective of constraints. Integrity, as well, is maintained when the transferred data is not altered in any way, either due to human factors or technical issues (SACA, 2006).
Operation security is concerned with the operations performed by housing computers, such as the information received from the sender or the receiving computer. It is a well-known fact that information sending is initiated by the operators of the networked system in the case study organization. This group of people could include administrative operators, data operators and personnel operators. This could be applied to more groups than these, but these are the ones applicable to the case study organization. Operation security deals with setting up a standardized operational guideline that caters for the information sent between systems, in such a manner that the computers responsible for this data transmission are secure at all times and are located in an environment where the likelihood of their being destroyed or stolen is highly minimized.
This refers to the relationship among the components of a computer system and the decision made regarding the choice of specific components to use while assembling the computer systems in such a way that there can be improvements…
"Assurance Program Why How To Create An Information" (2012, February 18) Retrieved December 5, 2016, from http://www.paperdue.com/essay/assurance-program-why-how-to-create-an-information-54334