Running head: PLANNING AND IMPLEMENTING INFORMATION SECURITY 1
Planning and Implementing Information Security
John Intindolo
American Public University
Planning and Implementing Information Security
Information Security has become a point of emphasis for almost everyone in today’s world. A large portion of the population has a computer that they use for their daily activities. Some use it to do their homework, pay their bills, or even balance their checkbook. Others may use their computer to keep in touch with family and friends through social media websites, or to keep track of their fantasy football team’s stats. Businesses may rely on their computer network to perform daily business transactions and to store pertinent financial and customer data. The one thing that they all share is that they need to be connected to the Internet.
The networks that connect a user’s computer to the Internet can come in many forms. That connection could be through a home network with a single computer, a large family’s network with several computers, laptops, and smartphones, a small business with a group of computers on its network, or even a large corporation with multiple networks spread across multiple locations. The point is that no matter how big or small a network is, the one thing they all share is the need for their information to remain secure. So what is Information Security?
Information Security is the practice of defending information from being accessed, used, disclosed, modified, inspected, recorded, or destroyed by someone who is unauthorized to do so (“Definition of information security,” 2012). As demonstrated by that definition, Information Security does not relate only to computers. Whenever a person locks a file cabinet or requires a passcode to open a safe, they are using a form of Information Security. Other examples of putting Information Security methods into place would be when a person uses a password to log onto their phone or computer. Some may simply be trying to protect their personal photos or their catalog of MP3 music files; others, such as businesses, are looking to protect financial data (such as employee payroll records), customer data (such as billing and credit card information), or even intellectual property (such as trade secrets). The point is to keep unauthorized access away from the system, no matter how big or how small that system is. What are the three main purposes of Information Security?
The three main purposes of Information Security are to protect the confidentiality, integrity, and availability of information. This is commonly known in the Information Technology field as the CIA Triad of Information Security. Confidentiality refers to ensuring that the information is kept from being accessed by those who are not authorized to do so. Integrity, simply put, means that the information is valid and trustworthy; it ensures that the information has not been corrupted in any way while entering the system. Availability is the third main purpose of Information Security and, as the name suggests, refers to keeping information resources available when they are needed. Availability can be disrupted in several different ways, including the following: a technical issue breaking the connection to the network, a natural disaster that causes a power outage, or a man-made disaster that was caused either accidentally or intentionally. All three aspects of the CIA Triad are important, and without all three being implemented the security of the system will fail. Two other security measures extend the CIA Triad umbrella: authentication and nonrepudiation.
Authentication is “the process of determining whether someone or something is, in fact, who or what, it is declared to be” (“Authentication vs.,” 2013). This can be accomplished through the use of passwords, for instance. Other examples of authentication would be the use of security badges or a fingerprint scanner. If a person cannot be authenticated as being who they say they are, then they will not be able to connect to the network. It is important to use strong passwords so that they may not be easily guessed by an attacker. Sometimes a password alone is just not secure enough, and that would require the use of multi-factor authentication. What this means is that two or more authentication practices must be used before allowing someone access to the network, for example, a password and the person’s social security number. Repudiation can be defined as “the denial of an entity of having participated in all or part of a communication” (Kremer & Raskin, p. 1). Nonrepudiation is therefore the complete opposite: it ensures that neither the original source of the data nor the person the data was sent to can deny having sent or received it.
There are choices that must be made in maintaining the security of information and ensuring that the CIA Triad is being followed. These choices come in three different forms: rule-based decisions, relativistic decisions, and rational decisions. Rule-based decisions are widely accepted guidelines that are imposed on all subjects. Examples of this would be a person locking the doors to their house and locking their car doors. No one is making the person lock their doors, but it is widely accepted as a security practice.
Relativistic decisions are decisions that are made in an attempt to “one-up” someone who has similar security problems. An example of this type of decision would be a person who goes over to a friend’s house, sees their security system, and then decides to go out and buy a more advanced security system for themselves. In the field of Information Security this may not always be done just to “one-up” another person’s security for bragging rights, but rather to ensure that their own information remains secure. The third common security decision is called a rational decision. This means that the decision is based on analyzing the security process and making a well-thought-out plan to determine the best measures to take. What is the security process?
The security process is a sequence of six phases that works through the details of a problem systematically and arrives at a rational decision to correct it. The six phases are as follows: identify the assets, analyze the risk of an attack, establish a security policy, implement the defenses, monitor the defenses, and recover from attacks (Smith, 2011, p. 5). Each of the six phases is connected to the others. They are performed in order, and each subsequent phase builds upon the results of the previous one. If a later phase reveals that an earlier phase was done incorrectly, then the earlier phase is revisited and corrected.
Phase one is identifying the assets. This is done so that the most important data can be
separated from the least important. Identifying the assets will allow the security team to
understand what is pertinent to the organization and in need of protection. The second phase is to
analyze the risk of an attack. The purpose of this part of the security process is to identify where
there are weaknesses, so that they may be secured before an attacker has the chance to exploit
them. Establishing a security policy is the third phase and will create a set of rules that everyone
within the organization must follow. It does not matter if it is the CEO of the company or a
customer service representative. The security policy must be followed by all or it will fail.
Phase four is to implement the defenses. These defenses will protect the organization’s network from an attack or an intrusion. This is where firewalls, anti-virus programs, anti-malware programs, etc. are deployed. Phase five is to monitor the defenses that have been implemented. If there is a weakness in one of the defenses that have been put into place, then the CIA of the organization’s network is at risk. Therefore, when there is a weakness it must be corrected, and done so before it has a chance to be exploited. This continuous improvement is extremely important to the success of a secure network. Technologies are constantly changing, so if the defenses are not constantly monitored and updated the system will not survive. Phase six of the process is recovering from attacks. No system is one-hundred percent impervious to an attack, so it is important to have a plan in place to recover from one. Now that the purpose of Information Security, the security decisions, and the security process have all been defined, how does one implement Information Security?
The first step in implementation is to do a full risk assessment. According to Kiran, Reddy, & Haritha, “Risk assessment is the progression that identifies and valuates the risks to information security by defining the likelihood of occurrence and the resulting impact” (2013, p. 41). What this means is that every asset of the organization will be analyzed and prioritized, from the most important all the way down to the assets of least importance. This is the foundation for a secure organization. The next step would be to create a security policy. The purpose of the security policy is to set the guidelines that every single person within the organization must follow. It is important that those at the top of the organization follow these rules as well, and stress their importance to everyone else. Why is it so important for everyone to follow the security policy?
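As an added illustration of the risk assessment step described above (example code, not part of the original paper), the following Python script scores a small constructed set of assets by likelihood of occurrence and resulting impact on confidentiality, integrity, and availability, then orders them from most to least important. The qualitative scales, the sample assets, and the review threshold are assumptions chosen for illustration.

```python
"""Prioritise assets by likelihood x impact, as in the risk assessment step.

Added example; the assets, the scales and the review threshold are
assumptions chosen for illustration, not values from the paper.
"""
from dataclasses import dataclass

# Qualitative scale mapped to numbers (assumption: 1 = low, 3 = high).
LEVELS = {"low": 1, "medium": 2, "high": 3}
# Assumption: assets scoring at or above this need controls first.
REVIEW_THRESHOLD = 6


@dataclass(frozen=True)
class Asset:
    name: str
    likelihood: str        # how likely a compromise is
    confidentiality: str   # impact if disclosed to an unauthorised party
    integrity: str         # impact if corrupted or altered
    availability: str      # impact if the asset becomes unavailable


def _level(value: str) -> int:
    """Convert a qualitative level to its numeric weight, rejecting unknown input."""
    try:
        return LEVELS[value.lower()]
    except KeyError:
        raise ValueError(
            f"unknown level {value!r}; expected one of {sorted(LEVELS)}"
        ) from None


def impact(asset: Asset) -> int:
    """Overall impact is the worst of the three CIA impacts (assumption)."""
    return max(
        _level(asset.confidentiality),
        _level(asset.integrity),
        _level(asset.availability),
    )


def risk_score(asset: Asset) -> int:
    """Risk = likelihood x impact, following the cited definition."""
    return _level(asset.likelihood) * impact(asset)


def prioritise(assets: list[Asset]) -> list[tuple[str, int]]:
    """Return (asset name, risk score) pairs from most to least important.

    Ties are broken alphabetically so the ordering is deterministic.
    """
    scored = [(a.name, risk_score(a)) for a in assets]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


def needs_review(assets: list[Asset]) -> list[str]:
    """Names of the assets whose score meets the review threshold."""
    return [name for name, score in prioritise(assets) if score >= REVIEW_THRESHOLD]


# Constructed sample inventory for a small business (not real data).
SAMPLE_ASSETS = [
    Asset("customer billing database", "medium", "high", "high", "medium"),
    Asset("employee payroll records", "low", "high", "medium", "low"),
    Asset("public marketing website", "high", "low", "medium", "medium"),
    Asset("office music library", "medium", "low", "low", "low"),
]


if __name__ == "__main__":
    for name, score in prioritise(SAMPLE_ASSETS):
        flag = "  <- address first" if score >= REVIEW_THRESHOLD else ""
        print(f"{score:2d}  {name}{flag}")
```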
The reason it is important for everyone to follow the security policy is that employees who comply with the policy are the key to strengthening Information Security (Bulgurcu, Cavusoglu, & Benbasat, 2010, p. 523). If not everyone follows the policy, the system will falter. The security policy is a written policy that provides protection not only for the information itself, but also for the equipment and software that is used to process, store, and communicate that information. For the reasons previously mentioned, it is extremely important that the policy is constantly reviewed and updated to correct areas of weakness.
At this point the next step would be to put together a security administration team. This group of individuals will make sure that everyone within the organization is adhering to the security policy. Having a team that works together will make it a lot easier to ensure that everyone is following the security policy. If a company has hundreds of employees, it may be difficult for one or two people to monitor them all. A security administration team can be broken up across different sectors of the organization. It is important that all members of the security administration team work collaboratively to ensure that the policy is being followed. In other words, everyone on the team should know if any issues come about in a sector that another administrator is overseeing.
An incident response plan would be the next logical step in implementing information security. This plan will handle any and all incidents that occur, no matter how big or how minuscule. As stated earlier, no system is immune to an attack, no matter how secure it may be. It is for this reason that it is of the utmost importance to have an incident response plan that will be a guide for the incident response team to follow. This guide will save time and confusion in the event of an intrusion. By documenting how to handle each and every incident, the team will maintain connectivity or greatly reduce the downtime of the organization’s network when an attack occurs. Additionally, the incident response plan can give the incident response team the ability to isolate the incident and stop the attack from spreading and doing more damage throughout the network.
Now that an incident response plan has been put into place, the next step would be to create an incident response team. The duties of the incident response team are to follow the guidelines set forth in the incident response plan when an incident has taken place. As stated above, the response team will respond immediately to an incident and prevent the attack from causing greater damage to the network by remedying the situation in a timely manner. Furthermore, it is the incident response team’s responsibility to keep the organization up and running, or to minimize the amount of time it is down following an attack. The members of the incident response team are governed by the security administration team.
Keeping the business up and running or reducing the downtime of a network are important responsibilities of the incident response team. This is accomplished by following a business continuity plan. A business continuity plan will describe how to keep business moving in the event of an incident. Not all incidents are the result of an attack, however. Some are the result of natural disasters such as an earthquake, tornado, or snow storm. The damage could be a simple power outage, or the data could be destroyed altogether. With man-made disasters the problems can range from a malicious attack all the way to physical damage of equipment and software. A big part of business continuity is to have constant backups that are performed once every 24 hours. If an office is hit by a tornado, then a backup kept on site is most likely rendered useless; therefore, backups should be stored at a secure off-site location.
Everyone wants their information to be kept secure. Whether it’s a teenager wanting their music files protected, a person’s banking information, or a business’s financial and customer data, the one thing that remains constant is the need for Information Security. Information Security does not provide a quick-fix solution. There is no one-step process that is the end-all, be-all solution. If there were one, though, could it be trusted? After all, if something sounds too good to be true, it usually is. Information Security is instead a lengthy and complicated process that takes a collaborative effort from everyone involved to make it work. There is no foolproof plan to protect a network one-hundred percent, but if the policies and strategies outlined in this paper are followed, it will greatly reduce the risk of an attack.
References
Authentication vs. authorization. (2013). Retrieved from http://protect.iu.edu/cybersecurity/authn-authz
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-A7.
Definition of information security. (2012). Retrieved from http://oit.unlv.edu/network-and-security/definition-information-security
Kiran, K., Reddy, L., & Haritha, N. (2013). A Comparative Analysis on Risk Assessment Information Security Models. International Journal of Computer Applications, 82(1-13), 41-47.
Kremer, S., & Raskin, J. F. (n.d.). A game approach to the verification of exchange protocols. Retrieved from http://robotics.eecs.berkeley.edu/~wlr/228a02/papers/NonRepudiation.pdf
Smith, R. E. (2011). Elementary Information Security. Burlington, MA: Jones & Bartlett Learning.
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloJohn Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloJohn Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloJohn Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloJohn Intindolo
 
ISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloJohn Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloJohn Intindolo
 

Mehr von John Intindolo (16)

Power_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloPower_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_Intindolo
 
ISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_Intindolo
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_Intindolo
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_Intindolo
 
Research_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloResearch_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_Intindolo
 
ISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_Intindolo
 
Research_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloResearch_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_Intindolo
 
Attack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloAttack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_Intindolo
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_Intindolo
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_Intindolo
 
ISSC490_Project_John_Intindolo
ISSC490_Project_John_IntindoloISSC490_Project_John_Intindolo
ISSC490_Project_John_Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_Intindolo
 

ISSC361_Project_John_Intindolo

Running head: PLANNING AND IMPLEMENTING INFORMATION SECURITY 1

Planning and Implementing Information Security
John Intindolo
American Public University

Planning and Implementing Information Security

Information Security has become a point of emphasis for almost everyone in today's world. A large portion of the population has a computer that they use for their daily activities. Some use it to do their homework, pay their bills, or even balance their checkbook. Others may use their computer to keep in touch with family and friends through social media websites, or to keep track of their fantasy football team's stats. Businesses may rely on their computer network to perform daily business transactions and to store pertinent financial and customer data. The one thing they all share is that they need to be connected to the Internet.

The different types of networks that connect the user to the computer can come in many forms. That connection could be through a home network with a single computer connected, a large family with several computers, laptops, and smart phones connected, a small business with a group of computers connected to its network, or even a large corporation with multiple networks spread across multiple locations. The point is that no matter how big or small a network is, the one thing they all share is the need for their information to remain secure. So what is Information Security?

Information Security is the practice of defending information from being accessed, used, disclosed, modified, inspected, recorded, or destroyed by someone who is unauthorized to do so ("Definition of information security," 2012). As that definition demonstrates, Information Security does not relate only to computers. Whenever a person locks a file cabinet or requires a passcode to open a safe, they are using a form of Information Security. Another example of putting Information Security methods into place is when a person uses a password to log onto their phone or computer. Some may simply be trying to protect their personal photos or their catalog of mp3s; others, like businesses, are looking to protect financial data (such as employee payroll records), customer data (such as billing and credit card information), or even intellectual property (such as trade secrets). The point is to keep unauthorized access away from the system, no matter how big or how small that system is.

What are the three main purposes of Information Security? The three main purposes of Information Security are to protect the confidentiality, integrity, and availability of information. This is commonly known in the Information Technology field as the CIA Triad of Information Security. Confidentiality refers to ensuring that information is kept from being accessed by those who are not authorized to do so. Integrity, simply put, means that the information is valid and trustworthy; it ensures that the information has not been corrupted in any way while entering the system. Availability is the third main purpose of Information Security and, as the name suggests, refers to keeping information resources available. Availability can be disrupted in several different ways, including the following: a technical issue breaking the connection to the network, a natural disaster that causes a power outage, or a man-made disaster that was caused either accidentally or intentionally. All three aspects of the CIA Triad are important, and without all three being implemented the security of the system will fail.

There are two other security measures of Information Security that are an extension of the CIA Triad umbrella: authentication and nonrepudiation. Authentication is "the process of determining whether someone or something is, in fact, who or what, it is declared to be" ("Authentication vs.," 2013). This can be accomplished through the use of passwords, for instance. Other examples of authentication are security badges or a fingerprint scanner. If a person cannot be authenticated as being who they say they are, then they will not be able to connect to the network. It is important to use strong passwords so that they cannot be easily guessed by an attacker. Sometimes a password alone is just not secure enough, and that calls for multi-factor authentication. What this means is that two or more authentication practices must be used before allowing someone access to the network, for example a password and the person's social security number. Repudiation can be defined as "the denial of an entity of having participated in all or part of a communication" (Kremer & Raskin, p. 1). Nonrepudiation is therefore the complete opposite of that: it indicates that the original source of the data, or the person the data was sent to, has absolutely received the data.

There are choices that must be made in maintaining the security of information and ensuring that the CIA Triad is being followed. These choices come in three different forms: rule-based decisions, relativistic decisions, and rational decisions. Rule-based decisions are widely accepted guidelines that are imposed for all subjects. Examples of this would be a person locking the doors to their house and locking their car doors. No one is making the person lock their doors, but it is widely accepted as a security practice. Relativistic decisions are decisions made in an attempt to "one-up" someone who has similar security problems. An example of this type of decision would be a person going over to a friend's house, seeing their security system, and then deciding to go out and buy a more advanced security system for themselves. In the field of Information Security this may not always be done just to "one-up" another person's security for bragging rights, but rather to ensure that their information remains secure. The third common security decision is called a rational decision. This means that the decision is based on analyzing the security process and making a well thought-out plan to determine the best measures to take. What is the security process?

The security process is a list of six phases that works through the details of a problem systematically and arrives at a rational decision to correct it. The six phases are as follows: identify the assets, analyze the risk of an attack, establish a security policy, implement the defenses, monitor the defenses, and recover from attacks (Smith, 2011, p. 5). Each of the six phases is connected to the others. They are performed in order, and each subsequent step builds upon the results of the previous one. If a later step reveals that an earlier phase was incorrect, then the earlier step is revisited and corrected.

Phase one is identifying the assets. This is done so that the most important data can be separated from the least important. Identifying the assets will allow the security team to understand what is pertinent to the organization and in need of protection. The second phase is to analyze the risk of an attack. The purpose of this part of the security process is to identify where there are weaknesses, so that they may be secured before an attacker has the chance to exploit them. Establishing a security policy is the third phase and creates a set of rules that everyone within the organization must follow. It does not matter whether it is the CEO of the company or a customer service representative: the security policy must be followed by all or it will fail. Phase four is to implement the defenses. These defenses will protect the organization's network from an attack or an intrusion. This is where firewalls, anti-virus programs, anti-malware programs, etc. are deployed. Phase five is to monitor the defenses that have been implemented. If there is a weakness in one of the defenses that have been put into place, then the CIA of the organization's network is at risk. Therefore, when there is a weakness it must be corrected, and corrected before it has a chance to be exploited. This continuous improvement is extremely important to the success of a secure network. Technologies are constantly changing, so if the defenses are not constantly monitored and updated the system will not survive. Phase six of the process is recovering from attacks. No system is one-hundred percent impervious to an attack, so it is important to have a plan in place to recover from one. Now that the purpose of Information Security, the security decisions, and the security process have all been defined, how does one implement Information Security?

The first step in implementation is to do a full risk assessment. According to Kiran, Reddy, & Haritha, "Risk assessment is the progression that identifies and valuates the risks to information security by defining the likelihood of occurrence and the resulting impact" (2013, p. 41). What this means is that each and every asset of the organization will be analyzed and prioritized, from the most important all the way down to the assets of least importance. This is the foundation for a secure organization.

The next step would be to create a security policy. The purpose of the security policy is to set the guidelines that every single person within the organization must follow. It is important that those at the top of the organization follow this rule as well, and stress its importance to everyone else. Why is it so important for everyone to follow the security policy? The reason is that employees who comply with the policy are the key to strengthening Information Security (Bulgurcu, Cavusoglu, & Benbasat, 2010, p. 523). If not everyone follows the policy, the system will falter. The security policy is a written policy that provides protection not only over the information itself, but also over the equipment and software that is used to process, store, and communicate that information. For the reasons previously mentioned, it is extremely important that the policy is constantly reviewed and updated to correct areas of weakness.

At this point the next step would be to put together a security administration team. This group of individuals will oversee that everyone within the organization is adhering to the security policy. Having a team that works together will make it a lot easier to ensure that everyone is following the security policy. If a company has hundreds of employees it may be difficult for one or two people to monitor them all. A security administration team can be broken up across different sectors of the organization. It is important that all members of the security administration team work collaboratively to ensure that the policy is being followed. In other words, everyone on the team should know if any issues come about in a sector that another administrator is overseeing.

An incident response plan would be the next logical step in implementing information security. This plan will handle any and all incidents that occur, no matter how big or how minuscule. As stated earlier, no system is immune to an attack, no matter how secure it may be. It is for this reason that it is of the utmost importance to have an incident response plan that will be a guide for the incident response team to follow. This guide will save time and confusion in the event of an intrusion. By documenting how to handle each and every incident, the team will maintain connectivity or greatly reduce the downtime of the organization's network when an attack occurs. Additionally, the incident response plan gives the incident response team the ability to isolate the incident and stop the attack from spreading and doing more damage throughout the network.

Now that an incident response plan has been put into place, the next step would be to create an incident response team. The duties of the incident response team are to follow the guidelines set forth in the incident response plan when an incident has taken place. As stated above, the response team will respond immediately to an incident and prevent the attack from causing greater damage to the network by remedying the situation in a timely manner. Furthermore, it is the incident response team's responsibility to keep the organization up and running, or to minimize the amount of time it is down following an attack. The members of the incident response team are governed by the security administration team.

Keeping the business up and running or reducing the downtime of a network are important factors that an incident response team is responsible for. This is accomplished by following a business continuity plan. A business continuity plan describes how to keep business moving in the event of an incident. Not all incidents are the result of an attack, however. Some are the result of natural disasters such as an earthquake, tornado, or snow storm. The damage could be a simple power outage, or the data could be destroyed altogether. With man-made disasters the problems can range from a malicious attack all the way to physical damage of equipment and software. A big part of business continuity is to have constant backups that are performed once every 24 hours. If an office is hit by a tornado, then a backup kept in that office is most likely rendered useless; therefore, backups should be stored at a secure off-site location.

Everyone wants their information to be kept secure. Whether it's a teenager wanting their music files protected, a man's banking information, or a business's financial and customer data, the one thing that remains constant is the need for Information Security. Information Security does not provide a quick-fix solution. There is no one-step process that is the end-all, be-all solution. If there were one, could it be trusted? After all, if something sounds too good to be true, it usually is. Information Security is instead a lengthy and complicated process that takes a collaborative effort from everyone involved to make it work. There is no foolproof plan to protect a network one-hundred percent, but if the policies and strategies outlined in this paper are followed, it will greatly reduce the risk of an attack.

References

Authentication vs. authorization. (2013). Retrieved from http://protect.iu.edu/cybersecurity/authn-authz

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-A7.

Definition of information security. (2012). Retrieved from http://oit.unlv.edu/network-and-security/definition-information-security

Kiran, K., Reddy, L., & Haritha, N. (2013). A comparative analysis on risk assessment information security models. International Journal of Computer Applications, 82(1-13), 41-47.

Kremer, S., & Raskin, J. F. (n.d.). A game approach to the verification of exchange protocols. Retrieved from http://robotics.eecs.berkeley.edu/~wlr/228a02/papers/NonRepudiation.pdf

Smith, R. E., PhD. (2011). Elementary information security. Burlington, MA: Jones & Bartlett Learning.