Security Information Security And Risk Management In Term Paper

Information Security and Risk Management in IT

This essay presents an assessment of information security and risk management in IT systems, followed by a comparative discussion of the principal academic theories of security and risk. The first section, An assessment, builds a conceptual framework: it defines the key terminology and concepts and outlines the relevant legislation, with examples of authorized use. The second section, Comparative discussion, briefly compares the academic theories.

Conceptual framework

To begin any work of this nature, it is important to clarify the key terminology and concepts. First, an information technology (IT) system, also called an application landscape, is any organized arrangement that integrates information and communication technology with data, algorithmic processes, and the people who use them (Beynon-Davies, P., 2009 (1)(2)). Every organization runs some kind of IT system, and this integration of processes, activities, information, and technology provides the landscape for decision-making, operations, management, leadership, and every other organizational function (Beynon-Davies (1)(2)). IT systems can be

The next concept to define is information security. It is the protection of information from unauthorized access, whether for viewing, disclosing, modifying, exploiting, copying, or destroying it, or for any other unauthorized use. The people whose information is held in these systems, and who interact with them, rely on the confidentiality of the data, the integrity of the processes, and the availability of the service. The people who build and operate these systems, for whatever purpose, rely on effective and efficient functioning and on protocols for security and risk management.

The same can be said of risk management. Risk management is the process of maintaining information security, and the protocols that support it, when threats do arise. More precisely, it consists of identifying each opportunity for a threat to materialize, assessing the likelihood and the possible impact of that threat, and prioritizing where and when attention and controls should be focused. In other...

...
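The identify, assess, prioritize cycle described above is easiest to see with numbers attached. The following is an added example, not part of the essay: it scores each risk with the standard annualized loss expectancy model (ALE = single loss expectancy × annualized rate of occurrence), ranks the register by ALE, and then checks whether a candidate control is worth its annual cost by comparing the loss it avoids against what it costs. The risk register, the control names and all the figures are constructed sample data, not measured values.

```python
"""Quantitative risk prioritization with ALE = SLE * ARO (added example).

The register and control figures are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float  # single loss expectancy: expected loss per incident
    aro: float  # annualized rate of occurrence: incidents per year

    @property
    def ale(self) -> float:
        """Annualized loss expectancy, the quantity used for ranking."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    risk: str             # name of the Risk this control mitigates
    annual_cost: float    # yearly cost of operating the control
    aro_reduction: float  # fraction of the ARO the control removes, 0..1

    def __post_init__(self) -> None:
        # A control cannot remove less than none or more than all occurrences.
        if not 0.0 <= self.aro_reduction <= 1.0:
            raise ValueError("aro_reduction must be between 0 and 1")


def prioritize(risks):
    """Rank risks by ALE, highest expected annual loss first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def residual_risk(risk, control):
    """The same risk after the control has reduced its rate of occurrence."""
    return Risk(risk.name, risk.sle, risk.aro * (1.0 - control.aro_reduction))


def net_benefit(risk, control):
    """Annual loss avoided by the control minus what the control costs."""
    return (risk.ale - residual_risk(risk, control).ale) - control.annual_cost


def evaluate_controls(risks, controls):
    """Map each control name to its net benefit; positive means worth buying."""
    by_name = {r.name: r for r in risks}
    return {c.name: net_benefit(by_name[c.risk], c) for c in controls}


# Constructed sample register (hypothetical figures, not measured data).
RISKS = [
    Risk("Ransomware on file server", sle=250_000, aro=0.2),
    Risk("Lost unencrypted laptop", sle=20_000, aro=2.0),
    Risk("Web app SQL injection", sle=120_000, aro=0.5),
    Risk("Phishing credential theft", sle=15_000, aro=3.0),
]
CONTROLS = [
    Control("Full-disk encryption", "Lost unencrypted laptop", 5_000, 0.9),
    Control("Immutable backups", "Ransomware on file server", 30_000, 0.5),
    Control("Parameterized queries", "Web app SQL injection", 20_000, 0.95),
]

if __name__ == "__main__":
    for r in prioritize(RISKS):
        print(f"{r.ale:>10,.0f}  {r.name}")
    for name, benefit in evaluate_controls(RISKS, CONTROLS).items():
        verdict = "worthwhile" if benefit > 0 else "not worth it at this price"
        print(f"{name}: net {benefit:+,.0f} per year, {verdict}")
```

Two things the numbers make visible that the prose does not: the highest-ranked risk is not automatically the best place to spend (the backup control on the top-two ransomware risk has a negative net benefit at the assumed price, while cheap encryption on the lowest-ranked risk pays for itself several times over), and every output is only as good as the SLE and ARO point estimates fed in, which in practice carry wide uncertainty and should be revisited when they change.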

The complexity of these issues varies with the purpose of the system, the size and nature of the organization, the number of systems it runs, and the sensitivity of the data those systems hold. Another important point is to acknowledge the overarching protocols established by legislation on information security and risk management.
Some examples of information security legislation and government protocols are listed and described below:

1. HIPAA (Health Insurance Portability and Accountability Act): Signed into law in 1996 and updated since. Its Privacy and Security Rules protect individually identifiable health information held by health care providers, health plans, clearinghouses and their business associates; the Security Rule requires administrative, physical and technical safeguards for that information in electronic form, so that it cannot be accessed or used outside strict health care boundaries.

2. USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism): Signed into law in 2001, it reduces the restrictions on law enforcement and intelligence agencies' access to records and communications, and so, in effect, makes information less secure from government access whenever an agency justifies that access for evidence or intelligence gathering or for threat assessments related to domestic or global terrorism.

3. Sarbanes-Oxley Act (Public Company Accounting Reform and Investor Protection Act, also called the Corporate and Auditing Accountability and Responsibility Act, or SOX): Signed into law in 2002 to establish and strengthen standards for public accounting firms, public company boards, and management, in response to a series of corporate accountability scandals that shook the national securities markets. Its Section 404 requires management to assess, and auditors to attest to, the internal controls over financial reporting, which in practice extends to the IT systems that hold and process financial data. The Act thus makes financial information more secure and management requirements more stringent (SEC, 2011).

4. GLBA (Gramm-Leach-Bliley Act, or Financial Services Modernization Act): Signed into law in 1999 to allow the consolidation of insurance companies, securities firms, investment banks, and…

References

Beynon-Davies, P. (2009)(1). The language of informatics: The nature of information systems. International Journal of Information Management, 29(2), 92-103.

Beynon-Davies, P. (2009)(2). Business Information Systems. Basingstoke: Palgrave Macmillan.

Coppersmith, D. (1994). The Data Encryption Standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243-250. Retrieved from Academic Search Premier.

Hubbard, D. W. (2009). The failure of risk management: Why it's broken and how to fix it. Hoboken, NJ: John Wiley & Sons.


Cite this Document:

"Security Information Security And Risk Management In" (2011, April 09) Retrieved April 20, 2024, from
https://www.paperdue.com/essay/security-information-security-and-risk-management-13218