For your final module paper, you are going to assume the role of the Chief Information Security Officer (CISO) of an organization that is looking to institute a security program

Description

In this module, we have touched on a wealth of information. For your final module paper, you are going to assume the role of the Chief Information Security Officer (CISO) of an organization that is looking to institute a security program. You need to write up a white paper for senior management that encompasses the following:

  • An overview of an information security program and why it is important for an organization
  • A list of high-level topics that should be encompassed in a program and a brief explanation of each of those topics
  • From those high-level topics, you will take the top two that are most important, in your view, and create basic standards/procedures for implementing safeguards for those topics.
  • In your white paper, you will explain why you believe these two topics are the most important to put in place first. What makes these more important than other items?
  • The overall paper should be informational, but also provide data and evidence from outside sources to give credence to your discussion.

The paper should be 15-18 pages in length including title, contents and source pages, providing a broad overview of Information Security Programs and how it will help the organization fulfill its mission.

Remember, your audience is the senior management of the organization.

Week 7 - Final Module Presentation

You are to complete a presentation as if you were the CISO of an organization presenting to senior management. Your presentation should be an overview of your white paper and last no more than 10 minutes (approximately 8-10 slides).


Explanation & Answer

Attached.

Running Head: INFORMATION SECURITY PROGRAM

Full Title:
Student Name:
Institution:


ABSTRACT
A security program refers to a set of a company’s information security policies, procedures, guidelines, and standards. This program will help in ensuring confidentiality, integrity, and availability of client and customer information and the organization's confidential data. Currently, security incidents have drastically increased and have become higher than before; this automatically affects a large number of organizations, which may be financial organizations, healthcare organizations and mostly public-sector entities. However, any company in the industry could be a potential target.

Therefore, all the data should be protected with a strong information security program regardless of your organization's size or the type of data that you handle. It is important that each and every organization implement a security program in order to safeguard the information and data within the organization.

Table of Contents
1. PROBLEM STATEMENT
2. BACKGROUND STUDY
3. SOLUTION
3.1 Data security
3.1.1 Data Security Threats and control
3.2 Identity and Access
3.2.1 Biometric Security System
3.2.2 Access Control
4. CONCLUSION
References

1. PROBLEM STATEMENT
In modern technology, there is a constant connection to the Internet that allows more creativity in business than there was before. Almost every business or organization has a website and externally exposed systems that could provide criminals with entry points into internal networks and unauthorized access to data. Cybercriminals are increasingly discovering new ways to hack into the most sensitive networks and data within different organizations.

There have also been incidents where the employees of a given organization participate in accessing and corrupting the organization's data. Protecting business data has become a challenge in the current society, and that is why an information security program should be implemented in companies and organizations in order to secure very important information of customers and employees.

With highly sophisticated attacks, businesses and organizations need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.

2. BACKGROUND STUDY
Hacking of computers started a long time ago. Hackers discovered many ways that facilitated hacking telephones and computer networks. The exploitation of vulnerabilities in the telephone network was carried out by "phreakers" in the 1970s. A group of six teenagers in Milwaukee was arrested for hacking into more than 50 different computers in the late 1970s. The Milwaukee group carried out their hacking just for a challenge, but when the First National Bank of Chicago was hacked for $70 million, it became clear that their hacking activity was serious and was not only for fun or jokes.

In the 1990s, more computers were being used by various people as they stored a lot of their personal information online. Organized crime found that computer hacking could be an earning point. By 2000, the internet had become so insecure due to increasing cases of hacking and theft. This unsecured network has continued with a very huge growth day in, day out. Threats in the current generation come from organized crime, from businesses using "black hat" techniques, and from different nations and states who steal classified information from other states. Some organizations go on and hack their competitor's network in order to steal or corrupt important information.

Currently, online users struggle with spyware and malware, with the current threats including password theft. Taking different initiatives to upgrade data security, reducing data exposure, sharing information about threats and increasing utilization of antivirus software have contributed to the evolution of information security. Routine investment of a lot of money by government agencies and businesses has facilitated the study of threats while constantly testing and improving information security.

State-sponsored hacking is already an industry on its own. Privacy at the individual level may be reduced as governments and law enforcement agencies monitor email and personal communication. Mobile apps and service providers will likely be under an increasing number of attacks, as well.

These problems are exacerbated by the mindset of many groups who believe that copyright and intellectual property laws represent a limitation or infringement upon their rights.

3. SOLUTION
There are several areas that are essential in the information security program. These are:
❖ Data security: This is the protection of data from unauthorized access and also from data corruption. It mainly focuses on how to lock down data, data backup and recovery, disk and file encryption and database security.
❖ Network Security: These are the preventative measures which are undertaken in order to secure or protect a given networking system from unauthorized access thus curb hacking of which ensures tha...

