Information Security Challenge

Submitted By docbecker
Words 2242
Pages 9
February 17, 2010

Information Security Challenges

As the world becomes more saturated with and dependent upon information access, more opportunities await the criminal element to exploit. This creates new and more costly problem sets that must be mitigated in order to navigate today’s business world. One of the larger challenges is that entering the criminal information market does not take an excessive capital investment. It simply requires a computer, online access and some talent. Compounding this problem is the large legitimate market of information brokers that gather marked amounts of information today. This allows legally gathered identifiable information to be integrated into, and to augment, those criminal activities. From faraway places like Russia, Belarus and Nigeria, scores of criminal associations scour the Internet in search of information and opportunities to be used in identity theft, malware insertion or extortion through complete denial of service (DoS) (Higgins, 2008).

The Bigger They Are… the Harder They Fall

Most of us have seen it in the news: “Veterans Administration loses Personally Identifiable Information (PII)”, “Bank of America (BOA) loses account numbers”, etc. At first it seems minor, but after investigation it turns out that large amounts of PII were lost (O’Brien, 2008). The criminals focus on big companies (mostly point-of-sale functions) because they are the slowest to adapt to change and offer the largest payback for the effort expended (owing to high-volume sales). My own company had thousands of personal records lost, requiring a large investigation. Thousands of non-value-added man-hours were lost working a problem that shouldn’t have happened. For a fraction of the man-hour cost we could have prevented the catastrophe from initially happening. Big companies are going
