Security Planning For Information Technology IT  Essay

Length: 8 pages Sources: 8 Subject: Education - Computers Type: Essay Paper: #89597011 Related Topics: Cybersecurity, Computer Security, Hacking, Information Security
Excerpt from Essay :

IT Security Plan

The technological advances that have been witnessed in the past twenty to thirty years, has placed a tremendous emphasis on data and information. Computers have changed the world in many facets and the ability to communicate and perform work have been greatly assisted by the digital age. Along with these new found powers, there exists also new found threats. The ability to protect these investments and resources of an informational matter, has produced new sciences and approaches to accomplishing such a task.

The purpose of this essay is to discuss and analyze how to establish an information security program to protect organizational information. This essay will address the specific guidelines and elements that compose such a program and explore ways in which these methods can be exploited for the fullest possible benefit. Specific guidelines will be discussed however this is a general overview of a program and the details that are inherent within such a program will be omitted for simplicity sake. The main idea of this essay is to explain the fundamental concepts that are contained within an information security program and how these qualities affect the ability to produce and maintain a competitive advantage within any chosen industry or business realm.

Identifying Information Threats

Before identifying any reasonable steps to an information security program, it is wise and prudent to first single out what the major threats are to the particular business. Threats are unique and general depending on the situation so it is essential that both avenues of approach are covered and investigated to determine the most harmful and prescient threats that are currently being waged against the organization. Since computers and information are included in almost every single legitimate business organization, there appears to be a constant and persistent threat at all times that needs to be protected. Companies and organizations soon become dependent on these technologies and their usage increases. This dependence also creates security concerns due to the emphasis that is placed on such actions.

It appears that many companies and organizations are unaware of the ease in which their information and data can be compromised. Durbin (2013) explained how information is a critical resources that must be protected from the many and varying threats that exist in the world today. He wrote "as we move into 2014, attacks will continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cyber criminals are cultivating new techniques to circumvent them. Businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high-impact security events."

The interconnectivity of the internet and wireless communication has allowed for clandestine and secret attempts to steal and propagate digital information. Many times businesses have no idea to the high levels of dangerous exposure they are submitting themselves to in many cases. The threats are often invisible and quiet, leaving little traces or clues to signify where and how they originated from. Threats are everywhere and must be constantly identified as the industry landscape and markets are always changing and evolving along with the possibilities of threats and danger.

Computer hacking crime syndicates are more prominent in this day and age due to these leaps in technology and communication. Grimes (2012) argued that these criminal outfits present the largest threat to computer and digital information in today's environment. He wrote "Many of the most successful organized cyber crime syndicates are businesses that lead large affiliate conglomerate groups, much in the vein of legal distributed marketing hierarchies. In fact, today's cyber criminal probably has more in common with an Avon or Mary Kay rep than either wants to admit. Small groups, with a few members, still hack, but more and more, IT security pros are up against large corporations dedicated to rogue behavior. Think full-time employees, HR departments, project management teams, and team leaders. And it's all criminal, no more funny messages printed to the screen or other teenage antics"

Developing a IT Security Program

Regardless of the industry, goals or missions, an organization must align their greater business strategy with that...


The ability to design and synthesize specific actions that relate to the specific scenario that that organization finds themselves in is paramount in achieving success in developing a security program. This step allows the program to develop around the main ideas and tenets of the company and creates a representation of what is most important within the company.

Additionally, many times the IT department will be solely responsible for the design, implementation and execution of an information security program. This is most likely not the best approach as all members of the team must have the appropriate familiarity with the program, and their role within the program, to help bring the effort to maximum fruition. Teamwork becomes an obvious quality that is necessary in designing such a complete and robust program that can be applied to have deep and profound effect on the way the organization conducts business and achieves a competitive advantage.

Risk assessment therefore becomes one of the most essential tools an organization can use to understand and prepare for the implementation of an information security program. Kadel (2004) wrote " a security program, at its core, is about risk management, identifying, quantifying and mitigating risks to computer data. There are seven basic steps to risk management: 1. Identify the assets. 2. Assign value to the asset. 3. Identify the risks and threats corresponding to each asset. 4. Estimate the potential loss from that risk or threat. 5. Estimate the possible frequency of the threat occurring. 6. Calculate the cost of the risk. 7. Recommend countermeasures or other remedial activities," (p.8).

Once again it is important to realize that the leadership of the organization is responsible for applying these criteria for risk to the appropriate area of responsibility. The unique aspects of every individual requires that the risks associated with that organization is unique as well. "Each organization is different, so the decision as to what kind of risk assessment should be performed depends largely on the specific organization. If it is determined that all the organization needs at this time is general prioritization, a simplified approach to an enterprise security risk assessment can be taken and, even if it already has been determined that a more in-depth assessment must be completed, the simplified approach can be a helpful first step in generating an overview to guide decision making in pursuit of that more in-depth assessment," ( Schimitting & Munns, 2010).

Components of an IT Security Plan

Simplicity and ease of use is the most pressing idea surrounding the issue of a competent and practical information technology security plan. Access becomes the most glaring component of any IT plan when approached in this manner. Access is important because this is where and how information can be approached and taken. This is the first step in comprising an IT plan that is both safe and secure. Hu (2006) suggested that "access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems require more sophisticated and complex control." Using logon names and passwords is the simplest way to create a system of security regarding access. While this may be appropriate at many levels of the security plan, the more important and sensitive the information is, the more restrictions to access should be afforded within the information technology security plan.

There are many dangers and problems with this portion of the plan. Access is not a simple process and the complexities of the business organization will certainly dictate the complexities of the IT plan that is designed to protect it. When planning for access control it is important that certain standards are kept and that the strategic outlook is always prominent in the planning stages. Many times designers of such systems will overlook key portions of access control that may have damaging effects down the road. Technology can be a great assistance in avoiding such problems, and getting the most out of what is available will no doubt serve the project well. Bioscolo (2008) agreed with this argument when he wrote "Traditional security solutions, such as firewalls, anti-virus, anti-spyware, patch management, or VPNs are no longer sufficient to keep the threats off the network. While these play a vital role, companies are still dealing with devices connecting to the network with unpatched software, out-of-date anti-virus and improper security settings. Not keeping devices up-to-date is probably the largest hole in the security fight today."

IT security programs need more than just a good idea. Monitoring and supervising these factions is also an integral part of any security plan. Privacy enters the picture in this phase of the program and these issues should be reflective of the greater organizational strategy. In some businesses, such as…

Sources Used in Documents:


Bulling, D., Scalora, M. Borum, R. Panuzio, J., and Donica, A. (2008, July). Behavioral science guidelines for assessing insider threat attacks. Public Policy Center, University of Nebraska. Retrieved from

Boscolo, C. (2008). How to implement network access control. Computerweekly, November 2008 . Retrieved from

Durbin, S. (2013). Security Think Tank: ISF's top security threats for 2014. Computerweekly, Dec 2013. Retrieved from

Grimes, R. (2012). IT's 9 biggest security threats. Infoworld, 27 Aug 2012. Retrieved from
Hu, V. et al. ( 2006). Assessment of Access Control Systems. Computer Security, Sep 2006. Retrieved from
Kadel, L.A. (2004, March 24). Designing and implementing an effective information security program: Protecting the data assets of individuals, small and large businesses. SANS Institute INFOSEC Reading Room. Retrieved from
Kelly, B.B. (2012). Investing in a centralized cybersecurity infrastructure: Why "hacktivism" can and should influence cybersecurity reform. Boston University Law Review, 92(5), 1663-1711. Retrieved from H-PU library Proquest Criminal Justice
Schmitting, R. & Munns, A. (2010). Performing a Security Risk Assessment. ISACA, 2010 Vol 1. Retrieved from

Cite this Document:

"Security Planning For Information Technology IT " (2014, May 03) Retrieved May 23, 2022, from

"Security Planning For Information Technology IT " 03 May 2014. Web.23 May. 2022. <>

"Security Planning For Information Technology IT ", 03 May 2014, Accessed.23 May. 2022,

Related Documents
Information Technology Change Management in Home Health
Words: 1391 Length: 5 Pages Topic: Business - Management Paper #: 68049573

Information Technology Change Management in Home Health Care I hope enjoyed time holidays. Now back work . In team task week, a topic weekly focus debate paper labor unions change process. There sufficient information argue sides. Let . See: The labor union change process difficult employees management; I labor union make process a bit easier parties. Implementing Information Technology Change in a Health Care Facility There is a shift from the traditional institutionalized

Information Technology an Effective Project
Words: 1908 Length: 6 Pages Topic: Business - Management Paper #: 85343597

It is possible to avoid becoming a victim of such crimes through some basic precautionary methods. Firstly, it is essential to store or discard personal information in a careful manner. This means personal documents should not be left lying around or shared through internet. All personal information should be stored in a secure place. All sorts of old receipts, expired cards, bank statements and checks should be disposed of

Information Technology Aquarius Marketing Project
Words: 3970 Length: 12 Pages Topic: Business - Management Paper #: 3202159

Migrate off of any individualized content management systems and processes not integrated to a single portal platform for greater cost and time savings in administration. Olson (32) provides an excellent case study on how universities are making use of open source portal applications to alleviate redundant and often conflicting data in multiple portals on an IBM WebSphere platform Define and build out a portal development plan that encompasses all shared processes

Information Technology Situation Analysis
Words: 1450 Length: 5 Pages Topic: Business Paper #: 42484077

Hence the development of the Open Systems Interconnect (OSI) Model which lead to the development of the Internet and the Ethernet standard and the TCP/IP protocol, both of which nearly the entire Internet runs on today. #9, in what way have phones and computers converged? Why is this convergence occurring? The personal productivity tasks of communication as it relates to the use of telephones and computer systems has long been an

Security Planning and Assessment Security
Words: 2028 Length: 7 Pages Topic: Business - Management Paper #: 22378591

It's not necessary, for the purposes of this paper, to look in detail at these steps for a basic understanding of how a security assessment is conducted. To understand the nuances, there are about a million books one can read, but we will discuss a few general "rules." The first thing to keep in mind with an assessment is that the methodology is flexible. It has to be to adapt to

Information Technology Holds Great Promise for Improving
Words: 3297 Length: 12 Pages Topic: Education - Computers Paper #: 91590384

Information Technology holds great promise for improving the way a government serves its citizens in various services it conducts to the citizens. This rapid adoption of information technology has produced substantial benefits to the citizens, tax payers, and businesses alike. It is therefore recommended for every particular government to develop digital services to streamline all its operations. One area where governments should enhance its key functions is the establishment of