Description
SUBJECT: Information System security.
- You may write on any topic related to technology security.
- You must produce a minimum of a "10 pages paper". You must use a minimum of 5 references.
- Assure you are citing in "APA format".
- You must use a minimum of one graphic (may use a table).
- "Double space" the paper.
- You must use "APA format" (6th Edition).
Explanation & Answer
Attached.
Running head: INFORMATION SECURITY SYSTEM AND AWARENESS
INFORMATION SYSTEM SECURITY
Student’s Name
University Affiliation
Professor’s name
Course title
Date
The main aim of information system technology is to protect the information of an organization
from loss of integrity and confidentiality and to make sure information is available to a certain
level. Two major elements are involved: risk management and risk analysis. In the risk
management phase, measures and security controls are selected that reduce risk to levels
acceptable to the organization. To be efficient, effective and reflect intelligence, risk
management must occur in a security framework where measures are harmonized with
administrative, computer, and physical security measures and the right personnel. Risk analysis,
on the other hand, involves taking inventory of the information security system, determining the
value of the security measures put in place, and establishing the level of exposure to risk.
When risk management is the general management measure in an organization, there is a need for
balance between the value of the organization's information and the cost of administrative,
personnel, and technological security measures. The security measures put in place by an
organization need to be cheaper in monetary terms than the anticipated loss of information,
vulnerability, and integrity. Risk analysis requires technical expertise in the field of
information security and the right information on the frequency of attacks on the organization,
which may be beyond the capability of the office personnel in the organization. An organization
can set its objectives in system security by enabling growth and improvement of resources and
expertise. When conducting risk management, one must work within a security framework where
computer, administrative, personnel, and physical security measures are used in the
implementation of information security measures.
Table 1. Information security framework:
Information system
- Hardware/software
- Administrative
- Personnel
- Physical
The framework of security rules and policies in all aspects of an organization should deal with
information security, physical security, and personnel security. Clear roles and responsibilities
should be available to all levels of personnel in an organization, from the information system
steering committee and security officers to users, to enhance security. Putting in place an
appropriate security program will create awareness among all staff, reminding them of their
responsibility as representatives of organization information, possible security risk, and
exposure. Organization, design, and implementation of security policies are a key factor in
determining the cost and support of information security. A security measure at a particular
level may enable implementation of information security at other levels in an organization.
Minimal regulation of access to information allows minimal protection of information as long as
the potential risks to the organization are of reasonable outcome. Encryption strengthens data
integrity and
confidentiality in situations where administrative, ...