Key Topics
Objectives:
Demonstrate reflective practice and apply learning to different contexts by critically analyzing protection mechanisms for information systems, in order to build sound knowledge.
Demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes, using relevant theories and concepts, by understanding the relationships between security and personnel, security and law, and security and ethics.
Demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes, using relevant theories and concepts, by properly applying security principles to information security project management.
Abstract
A strategic information security plan is used to secure a company's information technology and, in doing so, to create a competitive advantage. The plan protects information technology from damage and is built on consistent, integrated methodologies that guide its design, development and implementation within the organization. Risk is managed through a five-phase process. Protection mechanisms defend information technology against threats and content-based attacks. Personnel security is applied at three levels of the organization: management, staff and the technical department. Law and ethics cover professional ethics together with legislation such as cyber law. Finally, the PRTG Network Monitor report shows how a company can monitor its networks for threats and faults so that the business keeps running.
Introduction
This paper discusses strategic information security: the strategic plan an organization uses to mitigate information risk arising from its processes, people and technologies. The paper also covers controlling risk, protection mechanisms, personnel and security, law and ethics, and the PRTG Network Monitor report, and draws a conclusion from these.
Strategic Information Security
A strategic information security plan helps protect the confidentiality, integrity and availability of the organization's information. An effective plan creates a competitive advantage for the company: it demonstrates compliance with industry standards, avoids damaging security incidents, sustains the business's reputation, and supports commitments to consumers, stakeholders, shareholders, suppliers and others (LeVeque, 2005). The plan sets out consistent and integrated methodologies for designing, developing and implementing security in the organization. It also covers the detection of problems and the criteria for resolving them; shortening delivery time from solution concept to implementation; a proactive decision-making approach that delivers efficient results; removing redundancy so that organizational objectives are met; managing human resources as efficiently and effectively as possible; and evolving into a company in which security is integrated with applications, workflows, data and processes in a unified environment (Lederer & Gardiner, 1992).
Developing the security strategic plan begins with finding the gap between the current position and existing efforts; an assessment of the information security program establishes the standards against which this gap is measured. Further steps define the mission, vision, strategy, tasks and initiatives needed to enhance the present information security program. Executing the strategic plan is the critical success factor, since it is what maximizes the company's information risk management capability (Wylder, 2003).
Controlling Risk
A risk management strategy gives the company a road map that helps protect its environment and achieve organizational goals and objectives. It is an information technology approach that supports business activities in reaching those goals, and the information security and risk management strategy is developed through a multiphase process. The five phases are as follows:
Phase I: Business approach
In the first phase, a clear understanding of the organization's present condition is developed, including its risk profile and risk appetite, and its capability to implement the strategy is identified. If the organization is not capable, the strategy must reflect that situation. Companies apply effective capabilities to reduce capital and day-to-day expenses; as a guideline, the budget for implementing the strategy should not exceed ten percent of the overall information technology budget.
Phase II: Strategy definition
In this phase an annual perspective plan is followed by a rolling three-year plan. The point of arrival is clearly defined, based on management input. The phase also ensures that the human capital needed to implement the strategy is available and that the organizational culture is understood. The minimum time required to implement the strategy is 30 to 36 months. The information security and risk management strategy is a continuous process used to mitigate risk and meet organizational goals and objectives. Additional human resources are needed only temporarily, mainly to implement the strategy alongside present resources. Organizational culture is the key element for successful implementation: integrating people into that culture is what makes the strategy succeed.
Phase III: Strategy development
In this phase the governance model is defined along with a functional inventory of capabilities and services, and the operational or consulted elements of the organization are considered. The human capital needed to operate the strategy is then identified; risk management must be overseen by internal staff. The model is divided into two functional frameworks. The information risk management framework contains the functions oriented towards identifying information risk; within it, information security is the component capable of mitigating risk so that it stays aligned with the tolerance level and risk profile. This framework also considers operational risk, credit risk, fraud risk, market risk and others. The information security functional framework contains elements such as business resiliency, vulnerability management, vulnerability assessment and others. Key performance indicators for information security determine the capability for risk tolerance. In the reporting structure the function reports to the chief information officer, but its responsibility extends from technology to business processes (Whitman & Mattord, 2013).
Phase IV: Metrics and benchmarking
In this phase alignment with industry standards and guidelines is ensured. Assessment is carried out using a capability maturity model, and key performance indicators measure the effectiveness of the capabilities and functions developed by the information security and risk management strategy.
Phase V: Implementation and operation
In the last phase, global considerations are taken into account: what the organization needs to protect is determined, together with the consequences of not protecting it. The bulk of the operational model is put to use for the information security and risk management strategy, and proper communication is ensured between the business functions and the information security and risk management group. Cultural awareness is built by shifting the focus from security to the management of risk.
Protection Mechanism
Protection mechanisms are the elements directly linked to threats and content. Some sit at the technical end of security while others are involved in the overall process. The four mechanisms are as follows:
Perception
Perception is the defense made up of system and facility profiles, obscurity, deception methods and appearances. It is the component of technical protection directly linked to attacks and their agents.
Structure
Structure is the defense that predominantly consists of separation mechanisms intended to implement control policies, functional units with their functions, and the separation associated with control changes. It comprises discretionary and mandatory access controls and the communication structures that result from them, for example firewalls and partially ordered sets.
Content
Content is the control made up of filters and separation-mechanism transforms. It analyzes markings, locations, syntax and situations to determine which information should be transformed.
Behavior
Behavior is the mechanism that generally has low surety, although in some forms it has high surety. It includes limits on alteration, fail-safe modes, time effects, anomaly detection, response systems, and the traits and patterns of human behavior. Duties are separated according to preference (Cassidy, 2016).
Data security has become a major challenge for organizations, and the challenges of data protection keep growing. Companies must safeguard their intellectual property because information technology is changing and new business models introduce new threats, so they need to think beyond traditional models of data protection. Security mechanisms protect the various ingredients of a secure network design, which are explained below:
Physical security
Physical security limits access to network resources by keeping them under lock and key, protecting them from man-made and natural disasters. It protects networks from untrained employees misusing network resources and from terrorists, hackers and others, including hazardous events such as biohazard or radioactive spills.
Authentication
Authentication of network access protects the network from misuse. The most common policy companies use to secure their networks is access through a login ID and password; security can be increased by using one-time passwords. Traditionally, authentication rests on three kinds of proof: something the user knows, something the user has, and something the user is. Companies generally use two-factor authentication, which combines two of these, to secure their networks.
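The one-time password mentioned above is usually a time-based code generated from a secret the user "has" (an authenticator app or token). The following example, added here and not taken from any of the cited sources, implements the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms with the Python standard library, and checks them against the published RFC test vector (the 20-byte ASCII secret 12345678901234567890). The verifier accepts codes from one time step either side to tolerate clock drift and compares codes in constant time so that a wrong guess does not leak how many leading digits matched.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                   # low nibble picks a 4-byte window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)            # keep leading zeros


def totp(secret: bytes, at_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second intervals since the epoch."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, code: str, at_time: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or up to `window` steps either side (clock drift).

    Each candidate is compared with hmac.compare_digest so timing does not reveal a partial match.
    """
    if at_time is None:
        at_time = time.time()
    counter = int(at_time // step)
    return any(
        hmac.compare_digest(hotp(secret, c, digits), code)
        for c in range(counter - window, counter + window + 1)
    )


if __name__ == "__main__":
    # RFC 6238 Appendix B test vector: T = 59 s, SHA-1, secret "12345678901234567890"
    rfc_secret = b"12345678901234567890"
    print(totp(rfc_secret, at_time=59, digits=8))      # 94287082 per the RFC table
    print(verify_totp(rfc_secret, "287082", at_time=59))
```

A production verifier must additionally remember the last counter value accepted for each user and refuse any code from that step or earlier, otherwise an intercepted code can be replayed within the drift window; that state is deliberately left out of the example.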
Authorization
Authorization grants a user access to specific network resources and is the security administrator's part of the network. Experts recommend that authorization be implemented on the principle of least privilege: each user receives only the access their role requires.
Accounting
Accounting collects network activity data so that the security of the network can be analyzed and security incidents can be responded to.
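Authorization and accounting work together: every access decision is recorded, and the record is what later detection runs on. The example below is added here (it is not from the cited sources) and shows a deny-by-default role-based check in which roles grant only the (resource, action) pairs their job needs, every decision is appended to an audit trail, and a simple detector flags any user who accumulates three denials within sixty seconds, the kind of signal that prompts an incident response. The roles, resources, users and timestamps are constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set, Tuple

# Least privilege: each hypothetical role grants only the (resource, action) pairs it needs.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "helpdesk": {("tickets", "read"), ("tickets", "write")},
    "netops":   {("routers", "read"), ("routers", "write"), ("tickets", "read")},
    "auditor":  {("routers", "read"), ("tickets", "read"), ("audit_log", "read")},
}


@dataclass(frozen=True)
class AuditRecord:
    ts: float        # seconds, e.g. Unix time
    user: str
    resource: str
    action: str
    allowed: bool
    src_ip: str


class AccessController:
    def __init__(self, user_roles: Dict[str, Set[str]]):
        self.user_roles = user_roles
        self.audit_log: List[AuditRecord] = []

    def authorize(self, ts: float, user: str, resource: str, action: str, src_ip: str) -> bool:
        # Deny by default: unknown users, unknown roles and unlisted permissions all fall through.
        perms: Set[Tuple[str, str]] = set().union(
            *(ROLE_PERMISSIONS.get(role, set()) for role in self.user_roles.get(user, set()))
        )
        allowed = (resource, action) in perms
        self.audit_log.append(AuditRecord(ts, user, resource, action, allowed, src_ip))
        return allowed


def denied_access_bursts(log: List[AuditRecord], threshold: int = 3,
                         window_s: float = 60.0) -> List[Tuple[str, float, int]]:
    """Accounting feeding detection: (user, time, count) for each burst of denials in a window."""
    recent: Dict[str, Deque[float]] = defaultdict(deque)
    alerts: List[Tuple[str, float, int]] = []
    for rec in sorted(log, key=lambda r: r.ts):
        if rec.allowed:
            continue
        q = recent[rec.user]
        q.append(rec.ts)
        while q and rec.ts - q[0] > window_s:          # drop denials older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((rec.user, rec.ts, len(q)))
            q.clear()                                   # one alert per burst
    return alerts


def run_demo() -> Tuple[List[bool], List[Tuple[str, float, int]]]:
    ac = AccessController({"alice": {"helpdesk"}, "bob": {"netops"}})
    # Constructed events: alice is a helpdesk user probing resources outside her role.
    events = [
        (0,  "alice",   "tickets",   "read",  "10.0.0.5"),    # allowed
        (5,  "alice",   "routers",   "write", "10.0.0.5"),    # denied
        (20, "alice",   "routers",   "read",  "10.0.0.5"),    # denied
        (40, "alice",   "audit_log", "read",  "10.0.0.5"),    # denied -> third in 35 s
        (50, "bob",     "routers",   "write", "10.0.0.9"),    # allowed
        (60, "mallory", "tickets",   "read",  "10.0.0.77"),   # denied: unknown user
    ]
    decisions = [ac.authorize(*ev) for ev in events]
    return decisions, denied_access_bursts(ac.audit_log)


if __name__ == "__main__":
    print(run_demo())
```

The audit record stores the decision and the source address with every request, not only the denials, so that an analyst can reconstruct what a compromised account did after a successful login as well as what it tried before.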
Data encryption
Data encryption is the process of scrambling data so that, even if everyone can read the transmitted form, only the intended recipient can recover it. Public and private key encryption, in which data encrypted with a public key can be decrypted only with the corresponding private key, is the classic example of an asymmetric key system.
Packet filters
Packet filters can be set on firewalls, routers and servers to permit or deny traffic based on particular addresses, protocols and ports. They are an access-control (authorization) mechanism that protects network resources by enforcing which traffic may reach them (Peltier, 2013).
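Packet filter rules are evaluated top to bottom and the first match wins, with an implicit deny when nothing matches; getting the order wrong is the commonest mistake in an access list. The example below, added here rather than taken from the paper or from any vendor, is a small first-match filter that matches on protocol, source and destination CIDR block and destination port, and then evaluates a constructed rule set against a few constructed packets. The addresses are from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the rule set is hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"        # source CIDR block
    dst: str = "0.0.0.0/0"        # destination CIDR block
    dport: Optional[int] = None   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src, strict=False)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst, strict=False)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation; anything not explicitly permitted is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set for a hypothetical web server at 192.0.2.10:
#  1. block a known-bad source range before any permit rule can match it
#  2. allow HTTPS from anywhere
#  3. allow SSH only from the internal 10.0.0.0/8 range
RULES = [
    Rule("deny", src="203.0.113.0/24"),
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("permit", proto="tcp", src="10.0.0.0/8", dst="192.0.2.10/32", dport=22),
]


def evaluate(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("tcp", "203.0.113.7", "192.0.2.10", 443),   # blocklisted, even though HTTPS is open
        Packet("tcp", "198.51.100.4", "192.0.2.10", 443),  # public HTTPS: permit
        Packet("tcp", "198.51.100.4", "192.0.2.10", 22),   # SSH from outside: deny
        Packet("tcp", "10.1.2.3", "192.0.2.10", 22),       # SSH from inside: permit
        Packet("udp", "198.51.100.4", "192.0.2.10", 443),  # wrong protocol: implicit deny
    ]
    for pkt, verdict in zip(sample, evaluate(RULES, sample)):
        print(verdict, pkt)
```

Swapping rules 1 and 2 would let the blocklisted host reach port 443, which is why deny rules for known-bad sources belong above broad permits. A stateless filter like this also cannot tell a reply from a new connection; a stateful firewall adds connection tracking on top of the same matching logic.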
Personnel and Security
The purpose of personnel security is to provide a level of assurance about the trustworthiness, loyalty and honesty of those granted access to organizational and government resources. The company must ensure that anyone who accesses government information is eligible to do so, has had their identity verified, and is willing to comply with government policies, standards and requirements. Management's personnel responsibilities have many facets, many of which are directly linked to the overall security of the company: recruiting qualified employees, verifying backgrounds at the time of recruitment, providing training and development programs, enforcing strict access controls, and terminating employees in a manner that protects the remaining staff and the organization's assets.
Recruiting practices
Recruiting the right employee for the job depends on the level of screening done by the human resource manager. Skills must be examined against the roles and responsibilities, new hires must sign a non-disclosure agreement covering the company's sensitive information, and references and criminal records must be checked at the time of recruitment (Schumacher et al., 2013).
Security awareness training must be given to employees, as it helps secure personnel. Security training is given in the organization at three different levels, explained below:
Management level
At management level, a security awareness orientation presents the policies, procedures and guidelines that help protect employees at that level.
Staff level
Staff members are trained to protect themselves and the company from fraudulent activity. Issues must be escalated to upper management rather than confronted or handled by the employee on their own. Staff are the most critical component of the company, so staff security training is very important, yet some organizations do not spend on it.
Technical level
The technical department should receive the highest level of in-depth training, because the material aligns most closely with its day-to-day activities. Special training programs are given to the individuals who use specialized technologies and devices (Rhodes-Ousley, 2013).
Evaluating the program
The program is evaluated to determine its effectiveness by comparing the total number of security incident reports before and after the training. Online training given to employees is evaluated within a specific period of time.
Law and Ethics
Professional ethics require that security professionals have the skills to carry out security work that helps companies bring wrongdoers to justice. Professionals must be acquainted with cyber law and cybercrime so that they can help secure the organization against cyber threats, and must be ready to apply prudent judgment so that the right decisions are made.
The following laws and ethics need to be followed by the company when implementing the strategic information security plan in an organization:
Professional ethics
Security professionals must know the regulations and laws governing the use of computers and information. Ethics are the rules that help professionals abide by the law as set by government. On becoming a CISSP, the candidate must accept the CISSP code of ethics, which sets the standard for professional security behavior (Peltier, 2016).
Cyber law and crime
Cyber law is still developing and has not kept pace with the rapid progress of technology. Investigating computer crime raises jurisdiction issues: crime has moved from physical to intangible forms that are not restricted by state or national boundaries, and the cybercrime framework depends on investigation and evidence collection. Certified CISSP professionals are therefore expected to have full knowledge of privacy policies and corporate security.
U.S. Copyright law
Intellectual property is a protected asset of the company, and copyright law gives the company exclusive rights over its published work; the work cannot be copied without permission from the original author. The Freedom of Information Act of 1966 provides access to the records of federal agencies, and information about an individual is disclosed by the federal government only with that person's written consent.
Export and Espionage laws
These laws serve national security requirements and protect trade secrets and private assets; various laws are used to secure information systems and resources. The Economic Espionage Act of 1996 protects competitive advantage, intellectual property and trade secrets from being shared illegally.
General computer crime laws
The Computer Fraud and Abuse Act of 1986 is the cornerstone of computer-related federal law and enforcement efforts. The National Information Infrastructure Protection Act of 1996 amended it by increasing the penalties for selected crimes; the penalties depend on the purpose for which the information was obtained, such as commercial advantage, personal financial gain, or furtherance of a criminal act. The Computer Security Act of 1987 was the first act used to protect federal computer systems (Galliers & Leidner, 2014).
Privacy
Privacy is the most important aspect of information security. Information must be protected so that external users cannot misuse it, and privacy laws, including those covering consumer information, must be taken into account.
PRTG Network Monitor Report
PRTG Network Monitor is used to monitor local area networks, wide area networks, servers, appliances, websites, URLs and more. Network problems become business emergencies: a degraded network means employees cannot read their email, customers cannot make online purchases, and so on. Monitoring the network helps maintain the health of the business by avoiding expensive outages, finding bottlenecks so that problems can be fixed before they escalate, and reducing expenses by identifying exactly what hardware is required.
PRTG Network Monitor runs on a Windows machine within the network and collects statistics from the software, devices and machines on it. It retains historical data and reacts to changes. The web interface is easy to use, with point-and-click configuration, and data in the form of live graphs and custom reports can be shared with non-technical colleagues and customers. It helps plan network expansion and gives an overview of what is hogging the network. PRTG Network Monitor comprises more than two hundred sensor types covering network services such as FTP, HTTP and others, and alerts are sent to users by email, SMS, pager and other channels (Kestle & Self, 2014).
PRTG Network Monitor has been produced by the German software company Paessler since 1997. Each new version is tested by national and international experts for innovation before release. PRTG supports multiple protocols for collecting data, including SNMP, WMI, packet sniffing, IPFIX, jFlow, NetFlow and sFlow.
The PRTG reporting tool helps monitor and control the network by predicting bandwidth usage trends, monitoring the uptime and availability of network devices, and checking performance metrics. It collects the monitored data and displays it in easy-to-read reports. The tool also monitors jitter and helps reduce it: PRTG can trace Ethernet jitter and raise a configured alarm that warns the user when jitter exceeds a threshold, allowing a proactive approach to network troubleshooting. PRTG makes the network faster, more reliable and more responsive, and the tool can be licensed according to the company's budget (Osman, 2016).
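The jitter alarm described above rests on two pieces of logic that any monitoring tool implements: an estimator that turns packet timestamps into a jitter figure, and a threshold that raises and clears an alarm. The example below is added here to illustrate that logic; it is not PRTG's code and does not use PRTG's sensors or API. It implements the interarrival jitter estimator from RFC 3550 section 6.4.1 (the estimate used for RTP media streams) and an alarm with hysteresis, so that a single spike does not cause the alarm to flap. The probe timestamps are constructed: one probe every 20 ms with a drifting one-way delay.

```python
from typing import Iterable, List, Tuple


def rfc3550_jitter(samples: Iterable[Tuple[float, float]]) -> List[float]:
    """Running interarrival jitter J per RFC 3550 section 6.4.1.

    samples: (send_ms, recv_ms) pairs in arrival order. For consecutive packets i and j,
    D = (R_j - R_i) - (S_j - S_i) is the change in transit time, and the estimate is
    smoothed as J = J + (|D| - J) / 16, so one late packet moves J only a little.
    Returns J after each sample; the first sample has no predecessor, so J starts at 0.
    """
    j = 0.0
    series: List[float] = []
    prev = None
    for sent, recv in samples:
        if prev is not None:
            d = (recv - prev[1]) - (sent - prev[0])
            j += (abs(d) - j) / 16.0
        series.append(j)
        prev = (sent, recv)
    return series


def jitter_alarms(series: Iterable[float], warn_ms: float,
                  clear_ms: float) -> List[Tuple[str, int, float]]:
    """Raise when J reaches warn_ms; clear only once J drops below clear_ms (hysteresis).

    Returns (event, sample_index, jitter_ms) tuples. With clear_ms below warn_ms a value
    that hovers around the warning level produces one alarm instead of a storm of them.
    """
    if clear_ms > warn_ms:
        raise ValueError("clear threshold must not exceed warn threshold")
    events: List[Tuple[str, int, float]] = []
    raised = False
    for i, j in enumerate(series):
        if not raised and j >= warn_ms:
            events.append(("raise", i, j))
            raised = True
        elif raised and j < clear_ms:
            events.append(("clear", i, j))
            raised = False
    return events


# Constructed probe timestamps (ms): sent every 20 ms, received with a varying delay.
SAMPLES = [(0, 10), (20, 30), (40, 52), (60, 69), (80, 95), (100, 110)]


if __name__ == "__main__":
    js = rfc3550_jitter(SAMPLES)
    print([round(x, 3) for x in js])
    print(jitter_alarms(js, warn_ms=0.5, clear_ms=0.25))
```

The 1/16 smoothing factor means the estimate needs several dozen samples to settle after a step change, which is the trade-off a monitoring tool makes between reacting quickly and ignoring isolated outliers; the alarm thresholds, not the estimator, are where an operator tunes that sensitivity.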
Conclusion
The strategic information security plan is used by companies to protect the confidentiality, integrity and availability of their information. The plan builds competitive advantage by sustaining the business's reputation, avoiding damaging security incidents, and supporting commitments to stakeholders, suppliers and others. It is made up of consistent and integrated methodologies that help in the design, development and implementation of security in an organization, and it is developed by determining the gap between the company's current position and its existing efforts. Controlling risk has five phases: business approach, strategy definition, strategy development, metrics and benchmarking, and implementation and operation; risk management is essential to implementing the plan. Protection mechanisms are directly linked to content and threats, and the four mechanisms are perception, structure, content and behavior. The ingredients of a secure network design are physical security, authentication, authorization, accounting, data encryption and packet filters. Personnel security is essential to the company and is applied at three levels: management, staff and technical. Staff are the most critical component of the company and require training to protect themselves and the company from fraudulent activity; the technical department requires in-depth training because its day-to-day activities bring it closest to the threats, together with special programs for handling technical devices. The performance of a training program is evaluated by comparing total security incident reports before and after it. Professional ethics must be adhered to while developing and implementing the plan, and the relevant laws must be considered, including cyber law and cybercrime, U.S. copyright law, export and espionage laws, general computer crime laws and privacy law. Finally, the PRTG Network Monitor report shows how monitoring the network helps the business operate successfully.
References
LeVeque, V. (2005). Information security strategic planning. John Wiley & Sons.
Wylder, J. (2003). Strategic information security. CRC Press.
Lederer, A. L., & Gardiner, V. (1992). The process of strategic information planning. The Journal of Strategic Information Systems, 1(2), 76-83.
Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Nelson Education.
Cassidy, A. (2016). A practical guide to information systems strategic planning. CRC Press.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P. (2013). Security patterns: Integrating security and systems engineering. John Wiley & Sons.
Rhodes-Ousley, M. (2013). Information security: The complete reference. McGraw Hill Professional.
Peltier, T. R. (2016). Information security policies, procedures, and standards: Guidelines for effective information security management. CRC Press.
Galliers, R. D., & Leidner, D. E. (2014). Strategic information management: Challenges and strategies in managing information systems. Routledge.
Kestle, R., & Self, R. J. (2014). The role of IS assurance & security management. IT Practices for SME Success, 1(1).
Osman, H. A. (2016). Towards optimum security operation centre with fair bandwidth allocation (Doctoral dissertation). Sudan University of Science and Technology.