Post 1:
Security objectives
As an initial advance toward the creation of this structure, we originally built up an
exhaustive list of ISM objectives and practices based on literature and reports from
the scholarly community, industry, and other sources worked in security the
executives. Then, utilizing overview information from 354 affirmed information
security professionals in the USA, we experimentally evaluated the recommended
objectives and practices. From this analysis, the center basic objectives and practices
generally pervasive in the field were uncovered, thereby permitting the production of a
refined arrangement of ISM objectives and practices. As a last advance, the
relationships between the objectives and practices were analyzed based on
characteristics of the organizations from which the studied information were acquired.
The subsequent relationships gave an indication regarding which objectives
correspond with which practices and contributed to the formulation of an ISM system
that is both parsimonious and relevant to most organizations.
Security objective originate
The determination of common objectives is significant for both establishing the
beginning stage for compelling information security programs and for establishing
evaluation criteria for indicative purposes. A decent security program is a customized
program, and its characteristics rely on the objectives, assets, and environment of the
organization. Notwithstanding, there are strong similarities between great security
programs that can be broken down and copied to improve the security of most
organization expressed that the three traditional components of ISM are confidentiality,
integrity and availability of an organization's information.
Engaged in security
Confidentiality has gotten the most attention, likely as a result of its significance in
military and government applications. Early work on security confirmation was
sponsored by the US Department of Defense. The most conspicuous model utilized in
this environment. This model managed mandatory and discretionary access controls
with the essential goal of forestalling unlawful disclosure of information. Critical
exploration endeavors have been done to improve and enhance the information security
evaluation criteria proposed in this model. Subsequently, integrity was added to the list
of criteria. Still, little attention has been paid to availability, with the exception of
building adaptation to non-critical failure into seller items and including "hot and cold"
sites for reinforcement preparing in disaster recuperation arranging. Most specialists
and practitioners concede to these three basic or center objectives of ISM. They accept
that these objectives can never be totally isolated. Loss of one or more of these
objectives can compromise the continuity of even the biggest corporate entity.
Post 2:
The main motto of a security objective is to protect the data and assets from threats and
vulnerabilities to which organization attacks may be exposed, and these are mainly known for
information risk. Also, ensuring the security objectives end to meet the risk mitigation plans to
find a better benefit to the organization. Either through business continuity or cost efficiency
through operational efficiency. In today's world, the cybersecurity program will secure not only
internal data but also the enterprise-level confidentiality. It has to protect the PII information of
customers. Confidentiality plays a significant role in ensuring the privacy of critical data security
projects. It can also involve restricting the data from those who need access through encrypting
and setting the password and ensuring adequate security measures take care of the concern.
When it comes to integrity, the data in an organization should be reliable and accurate. It needs
to be secured from unauthorized access, which might cause a distraction or data loss (Schoenfield,
2015).
In any organization, the security objectives will help to identify the security of the organization
and how the business functioning taking place needs to be a clear outcome that needs to align
with key business activities. The business should make sure to compile security requirements to
fulfil them. Preventing data getting data breaches and planning proper security objectives can
help to drive protecting from insecure and unreliable unauthorized third-party access. Using
understandable and concise, logical, and clear writing of information security objectives should
be the best thing to develop the metrics. Conducting a cost analysis makes estimating the
potential risk and the planned cost (Schoenfield, 2015).
They are implementing proper security policy with a clear identity for the organization's assets
that required protection either physically or personally in the network security level, setting up
the rules and expectations. To protect the information in the system and applications, make sure
to conduct a gap analysis, perform a risk assessment, and arrange a risk treatment plan. It can
help organizations build secure capabilities to commit outcomes such as data and breach events
and make sure the network floss and after this has process true the metrics and the events
accurately. Capture to be identified subsequently and see if the process data has any attacks are
intrusions detection and provide a quick and reliable look complex data for different
environments (Gur and Alagoz, 2015).
Vulnerabilities in the network must be identified in a timely patent manner by doing some software
updates in the programmer system to find and evaluate vulnerabilities published well patches.
Moreover, the ability to find an appropriate patch is not enough to end the network. A system
administrator needs to apply a vulnerable network host and devices (Gur and Alagoz, 2015). A
counter-message should be selected appropriately, and it needs to be in first for a difficult task.
The various countermeasure enforcement policy expects cost and challenge. Due to a lack of
security testing, the beautiful abilities cost unstandardized design and development practices.
Testing should make periodic efforts (Gur and Alagoz, 2015).
References
Gur, G., and Alagoz, F., 2015. Security Analysis of Computer Networks. [online]
Sciencedirect.com.
Schoenfield, B. S. (2015). Securing systems: Applied security architecture and threat models.
CRC Press.