StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Information Security Management System - Conceptual Mapping - Coursework Example

Cite this document
Summary
The paper “The Information Security Management System – Conceptual Mapping” is a meaningful example of coursework on information technology. Organization information is regarded as one of the most crucial data in any business organization. However, with the advancement in technology, this corporate information has been under threat from a different computer attacker.
 …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.6% of users find it useful

Extract of sample "The Information Security Management System - Conceptual Mapping"

The Information Security Management System: Conceptual Mapping Name Institution Introduction Organization information is regarded as one of the most crucial data in any business organizations. However, with the advancement in technology, this corporate information has been under threat from a different computer attacker. Most companies have designed ways in ensuring cyber security. Information security is the term used to refer to the policies, collection tools, security concepts, information risks management approaches and guidelines that are set in order to secure the information of a business organization. In addition, companies and private individuals have developed ways in which they can implement best practices that can improve the information security in their business organizations (Becerra-Fernandez & Sabherwal, 2010). These practices involve designing knowledge management systems that will ensure that corporate data is handled with care and managed properly in order to prevent the breach of information security. According to Julisch (2013), there are different security threats to information in a business organization. Therefore, much of the way in protecting company information has relied on the established of a knowledge management system that will preserve the quality of company information and protect it from external hacker and fraud. Information security management systems are aimed at ensuring that information on the company is protected (Jennex, 2011). In fact, the information security management system aims to protect the confidentiality, information integrity and availability of corporate information to the authorized individuals (Dexter, 2002). This paper will evaluate the components of an effective knowledge management system in a business organization to ensure information integrity, confidentiality and availability. Overview of Information Security and Computer Crimes The development of a knowledge management system for information security is dependent on the understanding of different ways in which computer crimes are committed. This helps in the incorporation of a suitable element in the information management system. These information and computer crimes enable people to access codes, passwords of the information system, encryption codes and password cracking for vital corporate data. In managing the knowledge management system for information system, these computer crimes should be addressed fully. Social engineering This is where a hacker tricks an employee of a company into revealing the security codes in order to access company information. The knowledge management system should ensure that it focuses on policies that would prevent social engineering g practices in the company. Through social engineering, vital corporate information is leaked to third parties who use it against the company (Dexter, 2002). In addition, the information can be manipulated or modified such that it becomes useless for company use. Scanners These are individuals who are able to use scanning systems in the vulnerable computer operating system in order to access information on a company. These scanners are able to reveal service ports in the company. The scanners are able to scan through corporate information and gather vital information that can be used to attack the company. In addition, the information can be used by competitors to their advantages (Dexter, 2002). Password Cracker This is where an individual is able to crack the password to an information system in order to gain access to corporate information. Different approach is used in cracking the codes. Additionally, the computer crimes and illegal access to company information have different t ways of destroying the quality and integrity of information in a company (Bloomberg BusinessWeek, 2012). Knowledge Management System in Information Security The knowledge management system would include a set of policies and practices that will ensure protection of corporate information. In order to manage the information of the company, the knowledge management system has the following policies and protocols. There are two ways in which are crucial in ensuring proper management of corporate knowledge (Kruger & Kearney, 2006). Policy of the Knowledge Management System Although different policies and regulation have been developed and implemented, information insecurity continues to be a threat to most organizations. This is due to poor management policies in corporate information (Demergis, 2013). The development and implementation of computer protection and management policies is crucial for information defence. This is because policies ensure sound management of company knowledge and documents. In order to ensure information security, there is the need to analyse the ways in which organization information is used by employees on how the knowledge information management system functions. The knowledge information system in information security should cover the following areas (Jennex, 2011). (i) A password management system In controlling access to information systems, the knowledge management system should state policies that are in policy in order to ensure proper management of access password and computer passwords. The management system should be able to stipulate the limitations in accounts administration of company information in regard to operating systems, servers and computer system applications. The information management system should include the following procedure in establishing a password management policy (Bloomberg BusinessWeek, 2012). (a) The procedure that is involved in managing passwords and procedure for protecting files and administration accounts in the company. (b) The information system in the company should be able to generate passwords in a random manner so that each individual is able to have his or her own password. This makes it possible to establish the people who access company information without authorization. (c) Length of password life (d) Strength of passwords (e) Expiry date of passwords (ii) Ant-virus The knowledge management system in information security should be able to identify vulnerable areas in information systems. Antivirus is used especially when the company systems are connected to the outside world through the internet, community and other devices. This means that the company should employ an effective anti-virus policy in the company to be incorporated in the information management system (Solms & Niekerk, 2013). (iii) Proprietary Information There is information that the company does not want exposed to the external world and some employees in the company. This information includes product designs, strategic human resource planning information, financial accounting and financial forecasting data, and staff medical records. The company knowledge management system in securing company information should include a policy that ensures a proper management process of sensitive information. The incorporation of the password management, proprietary information and antivirus policies in the organization knowledge management system for information security is helpful in ensuring sound information practices in the organization. Technology There are a number of information technologies that can be incorporated into the knowledge information system in order to ensure information security. This information technology offers insurance against the unauthorized access, loss of company data, modification of data without authorization and attacks (Treek, 2003). The interplay between policy and technology is crucial in ensuring information security. Perimeter defence systems are the defence mechanism that is incorporated in a management system in order to detect unauthorized access into information systems. These mechanisms are founded at the boundaries of the assets that are protected, whether it is a network, host tied to a network or a machine such as computers. Such mechanisms include firewalls, virtual private networks, and intrusion detection systems. In most cases, such mechanisms are in the form of hardware, software or a combination of software and hardware (Dexter, 2002). Perimeter defence technologies make use of standard based technologies such as Internet Protocol Security (IPsec). This is a standard for encryption, authentication, and internet tunnelling. This means that the information security system should include firewalls, encryptions and intrusion detection systems. Firewalls are able to block the internet users from access the corporate information without identification. This implies that there is not communication between the company and private users. There are also intrusion detection mechanisms that are able to detect any unauthorized access of information. These systems are able to keep a record on networks levels and host information (Jennex, 2011). On the other hand, virtual private networks provide information security from cyber criminals. The virtual private networks are able to encrypt the sources and destination addresses so that they are not exposed to the internet. There are also ways in which persons in a communication network are able to share information in a secure mode. Therefore, companies should design their knowledge management system for information security through the guidelines in policy making and use of different technologies in order to protect the company data (Fernandez & Fernandez, 2005). Conclusion Business organization strives to secure information system from unauthorized individuals. There are different knowledge management systems that can be used in ensuring that proper measures are inn policy to protect company information and ensure a working information system. In addition, companies and private individuals have developed ways in which they can implement best practices that can improve the information security in their business organizations. These practices involve designing knowledge management systems that will ensure that corporate data is handled with care and managed properly in order to prevent the breach of information security. There are different ways in which company information security can be compromised. These include password crackers, scanners, and social engineering which enables private individual to access company data. A mechanism that is included in information management systems include firewalls, encryption codes, virtual private networks and intrusion detection systems that are able to protect the data from external access. Therefore, in ensuring quality knowledge management systems these considerations should be implemented. References Becerra-Fernandez, I., & Sabherwal, R. (2010). Knowledge Management: Systems and Processes. New York: M.E. Sharpe. Bloomberg BusinessWeek. (2012). Cyber Crime and Information Warfare: A 30-Year History. Bloomberg BusinessWeek. Retrieved from: http://images.businessweek.com/ss/10/10/1014_cyber_attacks/8.htm Demergis, J. (2013). Proceedings of the 9th European Conference on Information Warfare and Security. London: Academic Conferences Limited. Dexter, H. (2002). The cyber security management systems: A conceptual mapping. Retrieved from http://www.sans.org/reading_room/whitepapers/basics/cyber-security-management-system-conceptual-mapping_591 Fernandez, J., & Fernandez, A. (2005). SCADA systems: Vulnerabilities and remediation. Journal of Computing Sciences in Colleges, 20(4), 160– 168. Jennex, M. (2011). Crisis Response and Management and Emerging Information Systems: Critical Applications. Hershey: Idea Group Inc. Julisch, K. (2013). Understanding and overcoming cyber security anti-patterns. Computer Networks, 57 (3), 2206–2211. Kruger, H., & Kearney, W. (2006). A prototype for assessing information security Awareness. Computer and security, 26(2), 289-296. Solms, R., & Niekerk, J. (2013). From information security to cyber security. Computers and Security, 1(2), 1-6. Treek, D. (2003). An integral framework for information systems security management. Computer and security, 22(4), 337-366. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(The Information Security Management System - Conceptual Mapping Coursework, n.d.)
The Information Security Management System - Conceptual Mapping Coursework. https://studentshare.org/information-technology/2080971-a-case-study-design-norah
(The Information Security Management System - Conceptual Mapping Coursework)
The Information Security Management System - Conceptual Mapping Coursework. https://studentshare.org/information-technology/2080971-a-case-study-design-norah.
“The Information Security Management System - Conceptual Mapping Coursework”. https://studentshare.org/information-technology/2080971-a-case-study-design-norah.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Information Security Management System - Conceptual Mapping

Model for Integrating Physical and Virtual Identity Management Systems

Control of personal information Clear mapping between physical and virtual identity Conceal information This theory is relevant since it provides an individual certain rights to control the exposure of his personal information.... The researcher of this essay will make an earnest attempt at identifying and evaluating a model for integrating physical and virtual identity management systems.... The researcher of this essay aims to analyze suitable attributes for interoperable identity management systems....
39 Pages (9750 words) Thesis

Information Systems Management in E-Government

According to HM Government and Ordnance Survey (2011), the initiative of Public Sector mapping Agreement (PMSA) is targeted to create 'a common location data framework for joining up policy and providing services' and achieve 'better planning to meet e-governance targets and initiatives'.... For example, the Department of Communities and Local Government (DCLG) has revealed concerns about creating optimum software for the purpose of digital mapping and related data analysis (The Health and Social Care Information Centre, 2011)....
8 Pages (2000 words) Assignment

Value Stream Mapping of Vibration Test Data in a Product Life Cycle

For this purpose, Value Stream mapping (VSM) is.... his review of the literature delves on the ideas and studies of others on the topic of value stream mapping.... ollowing a brief description of lean principles and methodologies, we describe Value Stream mapping (VSM) in detail and discuss the significance of value as well as... There are issues of quality and procedures to consider for data management and movement, security and traceability, and appropriate data modelling....
33 Pages (8250 words) Thesis

Literature review in E-commerce in saudi arabia

The study introduced a conceptual framework model, which aims at encouraging confidence in e-commerce retailing domain in Saudi Arabia is a tardy e-commerce adopter and the e-commerce development and is slow in progress in contrast to the leading and developed countries.... ata obtained fro 273 respondents Identified eight main barriers to weak after sale support, fear of product un-arrival, unavailability of shipping in vendors websites, website language, no initial experience regarding online shopping, unavailable of house mailing address, payment system issues and high purchasing costs....
2 Pages (500 words) Assignment

Location Awareness in Mobile Commerce

Nevertheless, the GPS does not offer any functionality beyond receiving satellite communication and calculating the position of the information.... Some of the applications that employ the use of GPS are surveying, tracking devices, navigation systems and mapping.... One such technology that is based on location sensing is the Geographic Positioning system (GPS).... Some major fundamentals associated with context aware system are acquiring context, understanding and abstracting context and employing application behaviour in fulfilling recognised context....
6 Pages (1500 words) Assignment

Penetration Testing in Network Security

Clearly, from the above-listed features of the tool, it can impose great losses to an organization's computer network system.... omputer hackers are always at the doorstep of a computer network system with the major aim of exploiting the vulnerable sections of a network.... enetration testing entails security evaluation of a company's interconnection of computer systems with an effort to circumvent the security status of its key features based on the system design and implementation of the networking services....
10 Pages (2500 words) Report

Assessing Spatial Data Infrastructures Using Management Model

This paper will discuss the importance of using the Management Model evaluation framework for the comparisons as well as the system attributes.... This literature review "Assessing Spatial Data Infrastructures Using management Model" presents various spatial data infrastructure performance.... This paper will use the management Model evaluation framework to evaluate and compare land administration systems between Australia and Switzerland.... management Model evaluation framework explains that land is a natural resource that requires sustainable use and development in order to benefit the general population....
8 Pages (2000 words) Literature review

Kuwait Oil Company's Major Activities

The major interpretation challenges are a precise mapping of the intra reservoirs in the Cretaceous formations and the associated lateral formations, and also mapping and identification of stratigraphic traps.... In oil and gas exploration, the challenges are in the imaging and mapping of the Jurassic fractured reservoirs and the deep prospecting.... D- team D is in charge of discovery promotion and its task is the supervision of production tests and promotion of discoveries in field development with conceptual Development plan (CDP)all this aiming at reduction in Exploration-to-Production cycle....
7 Pages (1750 words) Report
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us