Premium Essay

Securing Information

In: Computers and Technology

Submitted By loera0311
Words 1328
Pages 6
Securing and Juan Protecting Information CMGT / 400
February 9, 2015
Anthony Seymour

Securing and Protecting Information When do you have to pay attention to the security requirements of your information system? From the very earliest stages of planning for the development of the system to its final disposal is the advice of the National Institute of Standards and Technology (NIST). By considering security early in the information system development life cycle (SDLC), you may be able to avoid higher costs later on and develop a more secure system from the start.
The System Development Life Cycle (SDLC) The system development life cycle starts with the initiation of the system planning process, and continues through system acquisition and development, implementation, operations and maintenance, and ends with disposition of the system. Specific decisions about security must be made in each of these phases to assure that the system is secure. The organization develops its initial definition of the problem that could be solved through automation. Also during this early phase, the organization starts to define the security requirements for the planned system. Management approval of decisions reached is important at this stage. During this initiation phase, the organization establishes the security categorization and conducts a preliminary risk assessment for the planned information system. Categorization of the information system using federal standards and guidelines aids system security planners in defining information system security according to levels of impact, and in selecting a baseline of initial security controls for those impact levels. Security categories are then used in conjunction with vulnerability and threat information in assessing risk to an organization.
Risk assessment Should be performed to develop a...

Similar Documents

Premium Essay

Securing and Protecting Information

...Securing and Protecting Information CMGT/400 May 27, 2013 Securing and Protecting Information Introduction The last few years have been marked by numerous malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow strong, ease of Internet use and increasing use base has perfected the criminal targets. Therefore, attacks on numerous users can be achieved at a single click. The methods utilized in breaching Internet security vary. However, these methods have increasingly become complicated and sophisticated over time. With the increase in threat levels, stronger legislations are being increasingly issued to prevent further attacks. Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks. Security Authentication Process Authentication is the process that has increasingly been utilized in verification of the entity or person. Therefore, this is the process utilized in determining whether something or someone is what it is declared to be (LaRoche, 2008). Authentication hence acts as part of numerous online applications. Before accessing an email account, the authentication process is incorporated in......

Words: 1090 - Pages: 5

Premium Essay

Securing and Protecting Information

...Securing and Protecting Information Jane Doe CGMT/400 March 9, 2015 John Doe Securing and Protecting Information As the most important asset within the organization it is necessary to provide measures that can effectively protect data from loss and unauthorized intrusions. Information security involves authenticating users with a high level of protocol and promoting accountability within the information infrastructure. This approach may involve use of the organization assets, identification, authentication, authorization and the use of third party security systems or devices to protect data from unauthorized access. Security Authentication Process The security authentication process is the first step in information security and assurance. This process involves “binding a specific ID to a specific computer connection” (University of Phoenix, 2011) in order to authenticate access to the information system. During this process the user provides a user ID and password to the computer system or remote server to verify his or her identity. Authentication is accomplished when the system or server matches the user ID to a specific password and grants the user remote access to system resources. Identification The identification process is an access control element designed to match a user to a specific process. The identification process is performed the first time a user ID is issued to a specific user. User IDs have unique values and......

Words: 1903 - Pages: 8

Premium Essay

Securing and Protecting Information

...CMGT 400 Week 3 Securing and Protecting Information Security Authentication Process It is necessary to secure your authentication method to safeguard your system against varied forms of security threats, like brute-force or wordbook attacks, impersonation of users, and reply attacks. Additionally, if you share resources on your network with alternative organizations, you need to make sure that your authentication policies are interchangeable with the organization in which you are exchanging your information with. Authentication is the method in which a person must prove that they are who they say they are. Public and private networks, utilize authorized logins and passwords. Data is ran through the password database to ensure that the user is someone that has the credentials to access the network. In order to allow access a company’s intranet, they must register or be registered with the appropriate credentials to access this network. For this reason, net business and plenty of alternative transactions need additional authentication methods. “The utilization of digital certificates issued and verified by a Certificate Authority (CA) as a part of a public key infrastructure is taken into account probably to become the quality thanks to perform authentication on the web” (D'Arcy, Hovav, & Galletta, 2009). Process includes: Create a strong password policy Establish an account lock out policy Assign logon hours Create a ticket expiration policy Establish network......

Words: 1442 - Pages: 6

Premium Essay

Securing and Protecting Information

...Securing and Protecting Information Securing and Protecting Information CMGT/400 May 27, 2013 Securing and Protecting Information Introduction The last few years have been marked by numerous malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow strong, ease of Internet use and increasing use base has perfected the criminal targets. Therefore, attacks on numerous users can be achieved at a single click. The methods utilized in breaching Internet security vary. However, these methods have increasingly become complicated and sophisticated over time. With the increase in threat levels, stronger legislations are being increasingly issued to prevent further attacks. Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks. Security Authentication Process Authentication is the process that has increasingly been utilized in verification of the entity or person. Therefore, this is the process utilized in determining whether something or someone is what it is declared to be (LaRoche, 2008). Authentication hence acts as part of numerous online applications. Before accessing an email account, the authentication......

Words: 1094 - Pages: 5

Premium Essay

Securing and Protecting Information

...Securing and Protecting Information Instructor: April 24, 2014 Security Authentication Process It is necessary to secure your authentication method to safeguard your system against varied forms of security threats, like password-cracking tools, brute-force or wordbook attacks, abuse of system access rights, impersonation of attested users, and reply attacks. Additionally, if you share resources on your network with alternative organizations, you need to make sure that your authentication policies are interchangeable with the organization in which you are exchanging your information with. Authentication is the method in which a person must prove that they are who they say they are. Public networks as well as private networks (including the Internet), use authentication to utilized or authorize logins and passwords. Data is required and ran through the password database to ensure that the user is authentic. Before anyone is allowed to access an organization’s intranet, they must first register or be registered by someone that has the appropriate credentials to perform these tasks. For this reason, net business and plenty of alternative transactions need additional authentication methods. “The utilization of digital certificates issued and verified by a Certificate Authority (CA) as a part of a public key infrastructure is taken into account probably to become the quality thanks to perform authentication on the web” (D'Arcy, Hovav, & Galletta, 2009). Process......

Words: 1469 - Pages: 6

Free Essay

Securing Information Systems

...Securing information systems Kirill Borovskoy Date: Tuesday 18. November Homework 2 • Explain why information systems are vulnerable to destruction, error, and abuse. Main reason why the information systems are so vulnerable is because they are designed to be easily accessible and they do not exist in physical form per se. Digital date is stored on servers, and if anything was to happen to so called storage, the whole system goes bust. And last but not least: any system can be a subject to a hacker attack. • Describe the business value of security and control When you lose data – you lose money, simple as that. Any information you have is relevant to your business, and when this information gets into wrong hands, the same hands will be chopping pieces of your profit in no time. • Describe the components of an organizational framework for security and control First step in developing security system would be that of assessing the risk. Establishing weak points and determining the strengths of the system is of an utmost importance. Second – a security policy needs to be developed. And finally, there always has to be a contingency plan, involving all the levels of informational infrastructure. • Describe the tools and technologies used for safeguarding information resources. Firewalls and Antiviruses prevent unauthorized access to private network from happening. The very basic tool of defending the......

Words: 717 - Pages: 3

Premium Essay

Securing and Protecting Information

...Securing and Protecting Information Connectivity and accessibility is a top priority, most electronics in our daily lives are connected to the internet, therefore it is extremely important to maintain devices connected to the internet secure from risks and threats. Remote access enables users outside a network access and provides privileges based on the security settings. Users are able to access resources through an internet service provider or ISP which is connecting remotely to the resources online. Secure connectivity is able to be done due to an authentication process, this process establishes a user’s identification to enable access and grant permissions. There are several ways to establish a network connection based on the software, hardware, and network type and security requirements. Security authentication Wireless devices are able to connect remotely involving two elements: a temporary network connection and a series of protocols that set the privileges and commands. The temporary network connection, occurred through a wired connection or wireless access, or any other method of connecting to a network. The primary issue is authenticating the identity of the user and establishing proper privileges for that user. This is accomplished using a combination of protocols and the operating system on the host machine. The three steps in the establishment of proper privileges are authentication, authorization, and accounting, also known as AAA. Authentication is......

Words: 1275 - Pages: 6

Premium Essay

Disaster Securing and Protecting Information

...Disaster Securing and Protecting Information Sherry Stender CMGT 400 December 10, 2012 Dr. Derek Sedlack Disaster Securing and Protecting Information Authentication, verifying a user’s identity, is an important way to establish trust in business processes. Authentication is the process of verifying a user’s claim of identity and is most commonly implemented through a username and password combination when logging into a business’ system or application. While the password and username combination is the most common, there are various other methods of authentication such as: voice recognition, a token device, or swiping a smart card. Authentication is based on the principle that a proper form of identification is not produced by the user that the system will not correlate an authentication factor with a specific subject. Many factors can contribute to a system’s security, but the authentication is a key element to the success of a secure information system. Authentication is vital for maintaining the integrity, confidentiality, and availability of a business’ IT infrastructure. The application of access controls includes 4 processes: * Identification- obtaining the identity of the user that is seeking access to a physical or logical area * Authentication- confirming the user’s identity that is requesting access to a physical or logical area * Authorization- determining which specific actions can be performed by the authenticated user in a specific logical......

Words: 1433 - Pages: 6

Free Essay

Cmgt/400 Securing and Protecting Information

...Computers, networks, and software are the heart and soul of the IT world today. Because of the availability of those systems, they are very vulnerable to malicious attacks and activity. It is of upmost importance that an organization takes security seriously and takes the proper measures to protect their systems. They can do this through a number of different ways, but one area of focus is through the authentication process and the related hardware and software to go along with it. Identification and Authentication Authentication is the process of the system or program recognizing the user and granting them access, which has been predetermined by access controls. It begins with two major parts; Identification and Authentication. Identification is the process in which the system recognizes the user and gives them access according to Abstract object that are controlled by the administrators of the files and systems. Privileges will be granted based on their user account having been verified. This process is usually a user ID. The system recognized the ID and knows the access right and privileges of that individual that have been verified. The Authentication begins once the user account ID has been identified. This is the process in which the user credentials are actually verified, meaning the specific attributes of their specific user account and authenticated and verified to make sure the access rights are correct. This process uses a password or some sort of credential......

Words: 2199 - Pages: 9

Free Essay

Cmgt400 Week 3 Securing and Protecting Information

...Securing and Protecting Information CMGT400 Securing and Protecting Information The internet is a worldwide phenomenon, reaching across the globe and connecting virtually every person together. The internet is essentially comprised of one thing, information. It is information entered into code that produces the websites, emails, and advertisements people see displayed every day. As a result, there are numerous products available which provide connectivity and internet service. Businesses, companies, and banks use the internet to conduct business with customers and other associates. The internet allows companies to potentially recruit customers from around the world, who they normally would not have any interaction with otherwise. With this added advantage of being able to reach across the world, also comes the add threat of becoming a target of malicious hackers. The hackers attention becomes drawn to these companies and their systems and clients' information becomes at risk. The cloud is an offsite storage technology which was originally only available to businesses, but is now easily available to the public. Companies and users are able to store their files on servers instead of local machines, often paying a fee to do so. It is often a useful way to reduce overhead and maintenance costs while paying a company to secure your data and back it up in a virtual environment. Companies that provide this service utilize advanced security software and......

Words: 1513 - Pages: 7

Free Essay

Information Use

...Information Use Information Use Information can be used in a variety of ways in today’s world. Companies use it to track profits and losses others use it to see into future trends so they can make informed decisions about where their business should be in a certain market. According to Opara (2003) “Information is the life blood of modern organizations.” Without information organizations would be making decisions blind. Information in a modern organization flows in a circular motion. For an example of how a major car dealership uses information it gathers. A customer who is prospecting for a new vehicle enters a car dealership not sure of what kind of vehicle he or she may want. An associate greats the new customer and asks a few question to discover what the customer is looking for. This would be the input information that the associate will use to enter into an information system (IS) from this system the associate can help the customer choose what vehicle he or she may be looking for. The information is presented to the customer, after looking at the information the customer chooses a vehicle he or she wants to purchase. The associate inputs his or her personal information into an IS to qualify the customer for financing the vehicle. The information is used by the finance department to set up the financial obligation that the customer will have to pay. Once again the information is cycled back to the customer for his or her input. After the sale of the vehicle the......

Words: 763 - Pages: 4

Premium Essay

Record Management

...and efficiently: * created, captured and described * secured, stored and preserved for as long as they are needed * destroyed or transferred once they no longer have any residual business value. What is a record? All information created, sent and received in the course of your job is potentially a record. Records provide evidence of your agency's business. Whether something is a record depends on the information it contains and the context. Records can be in paper, digital or other formats. Examples include: * emails * faxes * spreadsheets * databases * maps and plans * samples and objects * information in business systems * letters * text messages * minutes * policy and briefing papers * photographs * research data * social media sites. Why is records management important? Records are an important and unique source of evidence and information about the Australian Government and its activities. They provide specific information about the business of your agency .Managing information and records effectively makes your job easier and helps your colleagues. If you regularly make records and keep them in the right places, it will be easier to: * locate emails, documents or information when needed * reuse valuable work that you or someone has done in the past * determine the most recent version of a document * produce evidence as to why a particular decision was made * protect yourself,......

Words: 837 - Pages: 4

Free Essay

Administrative Issues

...private information being interpreted by several services leads to consequences of hacking, and lost information. Sensitive information such as private citizen’s income is accessible. This article discusses the new way to combine several agencies to come together with one service to administer information quickly and easily for quality patient care. Agencies involved with the exchange of data include individual state governments, the office of Personnel Management, The Social Security Administration and several others. With so many agencies involved it will make the data hub vulnerable to the mishandling of information of millions of private citizens. The concern of the Federal Data Services Hub being tested properly to secure private citizen’s information is the main concern of this article. Facts About Health Care Currently patient’s delicate data is found in several locations which generate more work for administration to gather for patient in need of care. The Federal Data Services Hub is extraordinary system controlled by the federal government. This system will attach to seven diverse organizations. The hub will produce a different entree to secluded and delicate health material of the masses of private citizens. This data hub will breakdown information to a centrally location point to be gathered all at once without cause for error. Eligibility for subsidized insurance will be determined with the use of an enormous collecting of tax filing information,......

Words: 1093 - Pages: 5

Premium Essay

A Brief Study of the Evolution of the Planets

...DE1Y 35 Business Information Management February 2006 © SQA Business Information Management DE1Y 35 Acknowledgements Grateful thanks are expressed to COLEG for permission to use extracts throughout the material from the former Business Information Management pack (HN Unit Number A6GF 04), developed by Falkirk College. This permission has been received in writing and is given for inclusion in this publication and for use by COLEG member colleges. © Scottish Qualifications Authority – Material developed by Cardonald College. This publication is licensed by SQA to COLEG for use by Scotland’s colleges as commissioned materials under the terms and conditions of COLEG’s Intellectual Property Rights document, September 2004. No part of this publication may be reproduced without the prior written consent of COLEG and SQA. © SQA Version 1 2 Developed by COLEG Business Information Management DE1Y 35 Contents Acknowledgements Contents Introduction to the unit What this unit is about Outcomes Unit structure How to use these learning materials Symbols used in this unit Other resources required Assessment information How you will be assessed When and where you will be assessed What you have to achieve Opportunities for reassessment Section 1: The role of information in business Introduction to this section Assessment information for this section What is information? The nature of information Types of information Internal uses of information External use......

Words: 43328 - Pages: 174

Free Essay

Information Flow Within an Organization

...Information Flow in an Organization , information is created for meaning, decision making and sharing of knowledge. Just like a river flowing information flows from one place to another, into every house, school or organization. The flow begins with the creation of the data at a terminal; this is the beginning of the information flow. From there the information flows down the pipeline through the network which is like a pipeline. Within this network of pipes you have the switching and routing of the information flow, like the valves used to push water from one location to another. From there the information flows to storage facilities like large storage facilities, these facilities in a data network are the servers, mainframes are used in conjunction with software to store, collate, and share the data just waiting to be accessed and shared. Once a person turns on the faucet or access the information the flow starts again, from the storage facility to another set of switches/routers or valves. This information is accessed like getting a drink of water. Information flow within an organization is an ever evolving process; it is circular in nature according to its activities. Chesapeake Energy’s information flow starts with the design of the information network or pipeline, network circuits include cell modems, T1 and fiber circuits. From here the routers and switches are put in place to send the information to the right storage facility or server. Software is created to......

Words: 729 - Pages: 3