Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Thus, enterprises must plan for space for "machine rooms that afford high availability and reliability to departmental server resources as well as appropriate network security for these resources" (Clotfelter, 2013, p 7).Then, for more restricted data, in-house servers can provide an extra layer of security to help ensure that such sensitive data remains in proper hands. To protect such restricted data, proper identity management strategies should include "a cross functional client and technical team abstracted requirements for updates" (Clotfelter, 2013, p 5). Thus, enterprise organizations must rely on a tiered network infrastructure that provides a number of different levels of security for various elements of the enterprise organization.
Security Plan
Security plans are a necessary part of it protection precautions.
It is important that security plans are flexible and fluid in order to adapt, both to the internal changes of the enterprise organization, but also to the constantly evolving external threat of hackers and security breaches (Clotfelter, 2013). It security systems must be able to adapt to changing needs within the organization which they protect. Here, the research suggests that "the enterprise security architecture must ensure confidentiality, integrity, and availability throughout the enterprise and align with the corporate business objectives" (Arconati, 2002, p 2). It must help facilitate the meeting organizational goals, by securing a solid ground free of technological threats for the organization to grow. As such, all security plans must be highly detailed and tailored to each organization's specific goals and objectives. Specific goals may hinder some aspects of more general it security plan, and must be adapted in order to fit organizational needs. In this sense, "the objective of enterprise security architecture is to provide the conceptual design of the network security infrastructure, related to security mechanisms, and related to security policies and procedures," yet still able to adapt based on its conceptual nature (Arconati, 2002, p 2). Additionally, the threat of external technology develops a rapid pace. This research has already evaluated the sophisticated nature of attacks on enterprise it systems. As previously discussed, it threats are constantly changing, and are thus an incredible dangerous and intangible enemy to fight. Stiff security plans that do not have room for adaptations in IDS systems or penetration testing will surely lead to an enterprise organization falling...
According to the research, "information security is partly a technical problem, but has significant procedural, administrative, physical, and personal components as well" (Arconati, 2002, p 4). As a result, there are a variety of regulatory bodies that enforce regulations that may hinder potential elements within a security plan. Federal and local regulations can have an impact on how the organization's security policy is created and enforced. Many federal regulations force organizations to have certain elements within the protection systems in order to be effective against particular and well-known attacks. Many regulations in force required firewalls, antivirus protection, IDS, encryption, and restricted access based on position within the organization (U.S. Bureau of Industry and Security, 2013). It is important for all enterprise organizations follow these requirements to the T. In order to prevent not only legal ramifications, but a general consumer mistrust for not providing the most effective security measures, especially with so many variations in local regions.
References
Arconati, Nicholas. (2002). One approach to enterprise security architecture. InfoSec Reading Room. SANS Institute. Web. http://www.sans.org/reading_room/whitepapers/policyissues/approach-enterprise-security-architecture_504
Clotfelter, James. (2013). ITS technology infrastructure plan. Information Technology Services. University of North Carolina Greensboro. Web. http://its.uncg.edu/About/ITS_Technology_Infrastructure%20Plan.pdf
Glynn, Fergal. (2013). What is penetrating testing? VeraCode. Web. http://www.veracode.com/security/penetration-testing
SANS Institute. (2011). Understanding intrusion detection systems. InfoSec Reading Room. Web. http://www.sans.org/reading_room/whitepapers/detection/understanding-intrusion-detection-systems_337
Quest Software. (2013). Top five it security threats and how to combat them. News Release. Dell Software. Web. http://www.quest.com/news-release/top-five-it-security-threats-and-how-to-combat-them-062012-817479.aspx
U.S. Bureau of Industry and Security. Policies and regulations. Industry and Security Industry. U.S. Department of Commerce. Web. http://www.bis.doc.gov/policiesandregulations/
Second, the specific connection points throughout the network also need to be evaluated for their levels of existing security as well, with the WiFi network audited and tested (Loo, 2008). Third, the Virtual Private Networks (VPNS) and the selection of security protocols needs to be audited (Westcott, 2007) to evaluate the performance of IPSec vs. SSL protocols on overall network performance (Rowan, 2007). Many smaller corporations vacillate between IPSec
The hybrid nature of cloud computing in general and SaaS specifically will continue as enterprises question if they are really getting the value out of the systems they are relying on. References Bala, R., & Carr, S. (2010). Usage-based pricing of software services under competition. Journal of Revenue and Pricing Management, 9(3), 204-216. Beimborn, D., Miletzki, T., & Wenzel, S. (2011). Platform as a service (PaaS). Business & Information Systems Engineering, (6),
They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and
The management control area of authorize processing including certification and accreditation has been defined within Coyote Systems through the use of roles-based logins and access privileges and the use of certification of role-based access to ensure security. The company has found that through the use of role-based security authentication and the defining of rights by role, the certification and accreditation audits are far more efficient in being completed, and provide
Security Report In the present day, organizations are reliant on information in order to continue being relevant and not become obsolete. To be specific, organizations are reliant on the controls and systems that have been instituted in place, which provide the continuing privacy, veracity, and accessibility of their data and information (Lomprey, 2008). There is an increase and rise in threats to information contained within organizations and information systems (Lomprey, 2008).
To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not