Security Capstone Part 3

Description

You should continue your background research on your chosen topic. You should finish the discussion on all of the following sections:

  • Background and history on the topic
  • Why the topic is applicable
  • Details about the topic
  • Solutions on how the topic can be used

As you continue your analysis of your chosen topic, describe how the topic can integrate into a defense strategy, and what changes in the infrastructure would be needed to implement this technology. In addition, complete the following:

  • Add the finished discussions about the background and topic-specific details to the appropriate sections, and add the material about layered security to the Network Security section.


-4 pages content + references

-APA

-Use provided file as reference, it's the one from the previous week.

Unformatted Attachment Preview

Running head: INFORMATION SECURITY AND RISK MANAGEMENT

CSS450: Information Security and Risk Management
Raleigh Boots
22 May, 2018

Table of Contents

  • Guidelines for Effective Information Security Management System
  • Data Governance
  • Network Security
  • Asset Security Management
  • Complying with Security Regulations
  • Introduction to Data Governance
  • Background
  • Data Governance
  • Importance of data classification and its application
  • Integration of information security and risk management into security program
  • References

Guidelines for Effective Information Security Management System

The corporate bodies must put in place proper information security management policies. This will help the management in staying safe from unnecessary inconveniences caused by loss and misplacement of documents. The policies and procedures are meant to offer guidance to the employees and employers on how to go about the legal provisions regarding information security management. The Information Security Act comes up with the security standards for both individuals and corporations.
The Act was drafted and enacted to protect people and companies from unfair exploitation by unscrupulous dealers. In a world where information is key, it is important to come up with a clear legal arrangement. The most important step in safeguarding information is to ensure a high level of confidentiality. The Information Technology Laboratory sets standards which must be met by the stakeholders. The institution comes up with test, test method, reference data, evidence of implementation and analysis to assist in the coming up and use of effective technology. The standard guidelines are normally as a result of quality consultation among the relevant agencies. The establishment of the relationship between the security standards and the guidelines is as a result of collaboration between the private and the public sector. The process of risk management must put into due consideration the risk that the U.S is exposed to, in terms of the security of the delicate and sensitive state information. Therefore, the private users of the cyberspace must subject themselves to proper guidance. This will help them in avoiding acts that may put the country’s security information at risk (Chenoweth, 2005).

Data Governance

Data governance refers to the general usability, readiness, integrity and security of the data in a company. For a data governance arrangement to be complete, there is always the need to have a governance council. The council will help in coming up with the rules and the procedures on how to implement them. In the current technological dispensation, management of information security is taking over the place of IT. The previous years had always paid most of the attention to the IT. The implementation of information security was left to the IT experts and the technicians. The problem with such an approach was that it left so much gap on the governance procedures.
However, over time, the security management standards have transformed and as such witnessed massive improvements. The current data governance majorly used the ISO standards. Such standards have been used by so many organizations all over the world (Humphreys, 2008).

Data governance is a very vital component of the information risk management process. The social media platforms have in most instances tricked people into sharing their personal details. Such details are often converted into useful data. The data are used by both the corporate bodies and state agencies to further various agenda. Unfortunately, the conversation on data governance is one which has always been swept under the carpet by those parties that are unfairly benefiting from the unscrupulous act. To remedy the situation, it is important that the social media platforms be monitored on the manner in which they handle people’s personal details. The law must strike the delicate balance between individual’s right to privacy and state security. Neither of the concepts should be used at the expense of the other. Such a legal clarity will help in exposing the cyber criminals.

Network Security

The design of network security is to offer protection to the integrity and usability of the media data. The network security makes use of both the software and hardware technologies. The moment there is adequate security then the network becomes easily accessible. The security system singles out different kinds of threats and consequently stops them from reaching the network (Cohen, 1997). Network security plays a very pivotal role in the information security risk management system. The moment unwanted viruses end up accessing an individual’s cyber space, then there is the great risk of vital documents and details getting eaten away. The loss of information can result in serious financial losses should they involve delicate financial records.
Furthermore, the amount of work put in coming up with a new set of information and documents will obviously involve more resources, in terms of time and labor. Network security works through a combination of various defenses in the end and the network in general (Cohen, 1997).

Asset Security Management

There will always be need to mitigate the IT security risks. Security threat is dreaded by all the organizations all over the world. There are several approaches which can be taken in security asset management. These are:

  • Usage of inventory: The inventory can be used to single out all the malicious. The inventory software must be used in all the segments of the business. Once the information is used on a regular basis, the workers will be estopped from using prohibited software. The unauthorized software can always be identified and done away with.
  • Avoiding risky applications: Such applications may contain virus that may end up being too destructive in the long run. The malicious software can be prevented through the deployed. Moreover, it is possible to deploy the software behind the firewall. The organization will in the long run have effective control over the information management process.
  • Promoting rationalization and standardization: This entails doing away with the dormant and old software. Such software may turn into viruses and thus prove too messy.

Complying with Security Regulations

The current data governance majorly used the ISO standards. Such standards have been used by so many organizations all over the world. The Information Security Act comes up with the security standards for both individuals and corporations. The Act was drafted and enacted to protect people and companies from unfair exploitation by unscrupulous dealers. In a world where information is key, it is important to come up with a clear legal arrangement.
The data governance council assists in complying with the security regulations (Kelley, 2009).

Introduction to Data Governance

Every company, no matter how small or large, needs to put in place a plan that ensures that its information asset is secured. This makes it necessary for a company to establish an information security and risk management team that manages and controls all information assets concerning that company. A security and risk management program provides a framework on how to protect a company's data assets and also projects the risks that a company exposes itself to threats for failing to protect its data as well as outlining the policies on how to handle such risks when they occur.

Background

Basically, Information Security Risk Management (ISRM) is a main concern to every organization around the world. Despite the fact that the number of existing ISRM strategies is immense, companies have continued to invest heavily in making new ISRM techniques keeping with the sole objective of capturing all the possible dangers of their intricate data frameworks accurately. This process remains a critical knowledge-intensive one for all companies. In most cases, however, the process is tended to in a specially appointed way. The presence of a methodical approach to the advancement of new or enhanced ISRM strategies and techniques would upgrade the adequacy of the procedure (Kao & Lee, 2014). In any organization, the loss of any information that is crucial may lead to damages to the organization. The information security and risk management programs secure documents that contain information providing guidelines and procedures that guide the operations of the organization. Failure to establish a practical plan to guarantee the safety of a company's information exposes it to risks. For instance, the Information Security Act states the security standards for individuals as well as corporations.
This policy protects individuals' and also organizations' information from malicious and unauthorized dealers.

Data Governance

This refers to the availability, usability, validity and the safety of a company's data. With the dispensation of greatly advanced technology, most organizations' data management teams have resulted in the adoption of information technology to secure their information (Daily, et al., 2013). However, as a result of cybercrimes such as information phishing, there is need to develop effective counteractive measures such as developing cybercrime laws to govern the accessing and sharing of personal as well as organizations' data.

Importance of Data Classification and Its Application

The main goal of classifying data is to enhance easy and efficient access at the time of retrieval. Information labeling ensures the safety of information as it is tagged according to the defined levels such as restricted, public, confidential and even internal use only. Information classification is useful in healthcare facilities to ensure confidentiality of patients' information thus ensuring the privacy of the patients.

Integration of Information Security and Risk Management into Security Program

Data security, however regularly seen as an arrangement of specific issues, must be held onto as a corporate administration duty that includes hazard administration, detailing controls, testing and preparing, and official responsibility (Schwalbe, 2015). It requires the dynamic commitment of all managers and the board of governance. Moreover, a task force of corporate governance for the national cyber security partnership has been developed to improve the data management techniques. The task force report provides governance policies and controls that may include the identification of cyber security roles and the duties of the management structures risk management establishment as well as quality assurance to the information users.

References

  • Chenoweth, J. (2005). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Journal of Information Privacy and Security, 1(1), pp.43-44.
  • Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), pp.247-255.
  • Cohen, F. (1997). Managing network security — Part 5: Risk management or risk analysis. Network Security, 1997(4), pp.15-19.
  • Kelley, B. (2009). Small concerns: nanotech regulations and risk management. SPIE Newsroom.
  • Daily, C. M., Dalton, D. R., & Cannella Jr, A. A. (2013). Corporate governance: Decades of dialogue and data. Academy of management review, 28(3), 371-382.
  • Kao, M. C., & Lee, Y. W. (2014). U.S. Patent No. 8,694,772. Washington, DC: U.S. Patent and Trademark Office.
  • Schwalbe, K. (2015). Information technology project management. Cengage Learning.

Explanation & Answer

Attached.

RUNNING HEAD: INFORMATION SECURITY AND RISK MANAGEMENT

Research Paper on Data Governance
Student Name
Student Number
Course Name
Course Number
Instructor Name
Institutional Affiliation
Submission Date

Introduction
Information security and risk management is simply the process of handling uncertainties
linked through usage of information technology. It comprises identification, assessment, and
treatment of such risks to the discretion, honesty, and accessibility assets to an organization. The
primary objective is to treat the risks in regard to the total risk tolerance to an organization itself.
There should be no expectations of complete eradication of the risks but instead the efforts should
be driven towards identifying and achieving a suitable risk level for the respective organization.
The act of securing information by an institution or an organization is alarmed with the
privacy truth and the handiness of data in whichever method data could be required. Such forms
of data include electronic and print media among other forms used in the data governance (Ab
Rahman, & Choo, 2015). Data security is vital to the extent to an organization's reliance on data
innovation. At the point when an organization's data is presented to risk, the utilization of data
security technology is inevitable. Current data security innovations, however, manage just a
little portion of the issue of information risk. Further, it is evident that data security innovations
do not reduce data risk adequately.
Subsequently, data governance has gone through critical changes for over 50 years.
Research shows that data arose from lock boxes of incongruent bequest transactional systems
while data governance then developed to be a different and complex discipline supported by
radical hardware and software. Data management has undergone through dow...

