ENG 315 Professional Communications Week 5 Assignment 2.2
ENG 315 Professional Communications Week 5 Assignment 2.2: Justification Report
Kenyetta Keys
Professor Brandy Isaacs
ENG 315 Professional Communications
January 27, 2016
1
ENG 315 Professional Communications Week 5 Assignment 2.2
A Justification Report
Problem Statement
After a careful and thoughtful analysis of my observations at the company’s operations, it
is evident that there is less concern for information security. This is alarming since the
company’s operations are web-based putting us at more risk of losing credible information and
eventually losing trust from our clients. There is a growing concern from the public about the
security of their personal information that they entrust firms such as ours to safeguard. It is,
therefore, our principle responsibility to ensure that the information we handle at the firm is
secured as we uphold integrity and accountability. In this regard, I have noticed that the
information security is not among the management priorities and the employee are paying less
attention to security threats from malicious software, hackers, and viruses from the internet. We
are at a higher peril now than ever before at losing our credibility that would affect the business
in the long run.
Overview of Alternatives
One such alternative is reducing cloud computing whereby information can be distorted
or blocked by others with ill intentions. Additionally, Federal agencies might block or remove
information if it was shared by a company that had legal issues or was using the information for
the wrong reasons. Therefore, information could be encrypted to ensure it is not lost if cloud
computing is inevitable (Catteddu, 2010). On the other hand, the company could employ the use
of Intrusion Detection and Prevention Systems that search, detect, alert, and prevent any threats
from interfering with the flow of information. Their placement could be at different places
including firewalls to prevent intrusions from the Internet and hackers as well (Scarfone & Mell,
2007).
Criteria
The company would probably turn to encryption techniques to curb the challenges
brought about by cloud computing (Catteddu, 2010). However, encryption could be costly since
it requires trained personnel to encrypt and decrypt the coded information. Also, most of the
encryption and decryption of information requires time, therefore, being time-consuming. The
encryption should also not be constant since it would be prone to hackers who would learn to
decrypt the coded information. However, it is efficient especially in safeguarding classified
information and very much practicable. On the other hand, IDS and IPS placements are cheaper,
practicable, and do not require any training as they are only placed once. They are durable and
very effective in detecting and preventing threats into the system when conveniently placed. The
implementation does not consume a lot of time, and they are readily available and widely used.
In this regard, IDS and IPS placements would be the best choice of technique to use in
preventing information loss or distortion (Scarfone & Mell, 2007).
2
ENG 315 Professional Communications Week 5 Assignment 2.2
Methods
In determining the best alternative, the company must first understand the purpose of the
research is to find cost-effective alternatives. Therefore, an evaluation team would be created and
would comprise of both internal and external evaluators. The evaluation would be based on costeffectiveness, efficiency, durability, and time taken to implement the solution as well as
practicality. The alternative that most satisfies the stated criteria to the highest degree would be
recommended. In our case, after evaluating the two alternatives, employing IDS and IPS would
be preferred as it is cheaper, effective requiring less time to implement without rigorous training
as opposed to encryption of information. Therefore, time and costs manageable to the company
during implementation.
Evaluation of Alternatives
After a careful analysis, the company decided to use encryption of data to reduce the
negative effects of cloud computing. Afterward, an environmental analysis showed that similar
companies are applying the same method in information security. Nevertheless, from a consumer
perspective, businesses are moving away from cloud computing due to data security and privacy
protection issues. Chen and Zhao believe that cloud computing could have devastating effects on
a business since most of the data is moving towards public or hybrid computing (Chen & Zhao,
2012). Also, decoding their encrypted data would have become a problem for us prompting us to
turn to other alternatives such as using the Intrusion Detection and Prevention Systems.
Researchers such as Leng and Wang believe that IDS and IPS are considered to be a
considerable option for improving information security (Leng & Wang, 2012). However,
recommending any of the alternatives might be frustrating since each of them has its advantages
and flaws. Therefore evaluation of the two alternatives will be done using two of the five criteria
to determine which one should be recommended. The alternatives will be based on the cost,
durability, practicability, efficiency, and time criteria to determine whether it would be
productive to implement but focuses on cost and time.
Findings and Analysis
Cost Criteria
Alternative A: Hire professionals to encrypt and decrypt data that would be used in cloud
computing.
The professionals with the capabilities of data encryption and decryption are few.
Therefore, hiring them will be costly to the company as they are in high demand. Similarly, only
a few computer scientists opt for encryption and decryption of data since it is difficult to
understand (Chen & Zhao, 2012). Also, encryption and decryption are a continuous process
incurring more costs.
Alternative B: Use IDS and IPS in the network systems
The intrusion systems could either be used separately or together depending on the choice
of the company. They would be placed at routers, firewalls or even on internal systems based on
the company’s choice of software or hardware applications (Leng & Wang, 2012). They are
cheaper than data coding and are only implemented once. However, additional costs may arise
during its maintenance.
3
ENG 315 Professional Communications Week 5 Assignment 2.2
4
Time Criteria
Alternative A: Hire professionals to encrypt and decrypt data that would be used in cloud
computing.
Data encryption and decryption is a continuous process to avoid any intrusions from
hackers or other threats (Chen & Zhao, 2012). Therefore, data coding will change from time to
time for them to be on high alert. Similarly, the professional will consume a lot of time in
decoding other encrypted data from the Internet.
Alternative B: Use IDS and IPS in the network systems
Intrusion Detection and Prevention Systems are only placed once and do not involve a lot
of time (Leng & Wang, 2012). Their maintenance is also not frequent saving more, and the
professional help is readily available and easy to place in the systems.
Figure 1: Alternatives Analyzed by Criteria
Criteria
Data encryption and
decryption
Use of Intrusion Detection and
Prevention Systems
Cost
Very high
Moderate
Time
Very high
Negligible increase
Durability
Low
High
Practicability
Moderate
Very high
Efficiency
High
Very high
Total Feasibility of the
Alternatives based Criteria
Low to Moderate
Moderate to high
The analysis will be based on the first two criteria. The two alternatives require costs
during their implementation, but IDS and IPS systems are cheaper when compared to data
coding. However, if proper caution is not taken in the systems, maintenance costs may prove to
be higher increasing the overall costs of their implementation. Data coding are expensive due to
hiring professionals since it requires very high skilled professionals. Additionally, data coding is
moderately applicable when compared with the Intrusion Systems. The total feasibility of the
alternatives- based criteria indicates that IDS and IPS use are more suitable than encryption and
decryption of data in improving information security.
ENG 315 Professional Communications Week 5 Assignment 2.2
References
Catteddu, D. (2010). Cloud Computing: benefits, risks and recommendations for information
security. In Web Application Security (pp. 17-17). Springer Berlin Heidelberg.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012
International Conference on (Vol. 1, pp. 647-651). IEEE.
Leng, L., & Wang, L. (2012, August). The fusion method of the IDS and IPS based on IMS. In
Computer Science and Information Processing (CSIP), 2012 International Conference on
(pp. 727-730). IEEE.
Scarfone, K., & Mell, P. (2007). Guide to intrusion detection and prevention systems (idps).
NIST special publication, 800(2007), 94.
5
Purchase answer to see full
attachment