
Information Security in an Organization - IJC Journal

   

International Journal of Computer (IJC)
ISSN 2307-4523 (Print & Online)
© Global Society of Scientific Research and Researchers
http://ijcjournal.org/
Information Security in an Organization
Mohammed Mahfouz Alhassan a*, Alexander Adjei-Quaye b
a,b Zhejiang Normal University, College of Mathematics, Physics & Information Engineering, 688 tying bin
road, 321004, Jinhua, Zhejiang Province, CHINA.
a Email: mmalhassan@tamalepoly.edu.gh
b Email: adjeiquayealexander@gmail.com
Abstract
Information security is one of the most important and exciting career paths today all over the world. Information
security, simply referred to as InfoSec, is the practice of defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be
used regardless of the form the data may take (e.g. electronic or physical data). With knowledge of information
security we are confident that our data is protected, assured of the safety of our data, and able to ensure that the
value of our organizations is maintained. But this is not the only explanation experts have given: information
security is the lifesaver of organizations all over the globe. So people in this field can be considered the
physicians of the computer system; we can also call them the pathologists or, better still, the cardiologists of the
computer system. Let’s not underestimate the impact of security incidents, which can lead to data loss, leaks of
personal information, wasting of time, and the spread of viruses. We shouldn’t think that security incidents that
happen to other computers will not affect us. We should take responsibility for managing our own information.
Keep alert to news regarding security threats and equip ourselves and our organizations with the latest knowledge.
Consult experts and advisors if you are in any doubt. Keep a contact list for assistance, e.g. public services,
application support, and ISP hotlines.
Keywords: Defending information from unauthorized access; Key to the future of every organization.
1. Introduction
Information security is of great importance and interest to everybody in the world of technology today, whether
you are a mobile phone user or a personal computer user. This is why information security is of the utmost
importance in our everyday lives and in the IT fields.
------------------------------------------------------------------------
* Corresponding author.

International Journal of Computer (IJC) (2017) Volume 24, No 1, pp 100-116
The study of information security has many concepts and topics that every IT professional should
master or have some basics of. The knowledge and skills of information security are essential
for all those who are involved in the IT sector, e.g. cyber-security analysts, forensics
analysts, network administrators, systems administrators and application developers. Those who lack knowledge
in this important field of information security are more likely to develop applications that are not secure or build
networks that are insecure and easier for attackers to penetrate. This is why information security knowledge is
very important in our everyday lives, regardless of the career you choose in the IT
sector.
2. Organizational Security policy
There is a need for an organization’s information security policy. This should not simply convey a plan of
action, for example its purpose, goals, applicability, importance and activities; most importantly, organizations
should also document who is ultimately responsible for carrying out the security agenda across the enterprise
[14]. All personnel within the organization should be provided with appropriate training on the information
security policy and the organization’s security expectations, aligned to their functional roles. As an example, the
corporate internet usage policy should be communicated in a clear manner, read, understood and acknowledged
by all personnel within the organization, while a role-specific policy, such as the enterprise software management
policy, should be scoped to include all the relevant personnel, for example the IT Systems department. It is also
imperative for organizations to track dissemination of policies and procedures through employee attestation, as
this helps provide a valuable input into policy enforcement and education processes.
3. Network Security benefits
At the 2009 FloCon conference, security analysts were given demonstrations of the FloVis framework for
network visualization, including all three plug-ins [6]. During this demonstration, they identified a need for
highly abstracted visualizations of network structures and their related communications that would assist the
user in determining which subnets/hosts should be visualized with the existing plug-ins. For instance,
network analysts/systems engineers may be responsible for monitoring several departments and may be aware of
outside networks, subnets, and/or individual host Internet Protocol (IP) addresses that pose a threat to the
security of the departments. Thus, it would be beneficial to provide a high-level visualization of the relationship
between these “organizations” before deciding what to visualize at a lower level.
A common practice in IS research is to treat information systems themselves as either a dependent variable or
an independent variable. Accordingly, IS frameworks usually attempt to classify information systems in one of
two ways. Firstly, systems can be classified based on technical attributes. For example, characterizes information
technology in terms of its capacity, quality, cost, storage, processing, and communications capabilities. It is also
possible to classify computing arrangements as interactive versus batch, standalone versus networked, and so on.
The second approach is to focus on the functions information systems perform within their context of use and whose
interests are served by information technology. For example, Markus identifies five types of information
systems, each describing a dominant type of function: operations; communication; planning and decision-making
process; monitoring, evaluation and control; and inter-organizational transactions. The Gorry and Scott
Morton framework also builds its classification of information systems upon functional differences rather than

technical attributes. K analysis indicated a real gap in knowledge in terms of ISM studies in developing
countries. The literature analysis could not identify any papers that included holistic frameworks or articulated a
complete model showing all the factors that aid the implementation and adoption of IS culture. However, the 68
papers did reveal a range of issues and factors that influence IS culture and some of the practices. These factors
included: Information Security Awareness and Training Programs, ISM Standardization, Information Security
Policy, Top Management Support for ISM, Information Security Compliance, Information Security Risk
Analysis, and Organizational Culture. These issues were classified into the following themes, each of which is
discussed further below:
Corporate citizenship
Legal regulatory environment
Corporate governance
Cultural factors. However, in the case of Saudi Arabia, national cultural factors tend to be some of the
obstacles and can affect the adoption of IS culture and practices in Saudi Arabian organizations.
Therefore, this study will examine the importance and influence of ISM factors and cultural factors on
the adoption of IS culture and practices in Saudi Arabia.
4. Why network or Systems security
System and network technology is a key factor in information technology for a wide variety of applications.
Security is crucial to networks and applications. Although network security is a critical requirement in most
emerging networks, there is a significant lack of security methods that can be easily implemented to ensure
maximum security. There exists a “communication gap” between the developers of security technology and the
developers of networks. Network design is a well-developed process that is based on the Open
Systems Interface (OSI) model. The OSI model has several advantages when designing networks. It offers
modularity, flexibility, ease of use, and standardization of the network protocols. The protocols of different
layers can be easily combined to create stacks, which allows modular development. The implementation of
individual layers can be changed later without making any other adjustments, allowing flexibility in
development. In contrast to network design, secure network design is not a well-developed process. There isn’t
a methodology to manage the complexity of security requirements. Secure network design does not offer the
same advantages as network design. When considering network security in the organization, it must be
emphasized that the whole network should be secure and offer the security required. Network security does not only
concern the security of the computers at each end of the communication chain. When transmitting data, the
communication channel should not be vulnerable to attack. A possible hacker could target the communication
channel and cause harm, obtain the data, decrypt it and reinsert a false message. Securing the network is just as
important as securing the computers and encrypting the message. When developing a secure network, the
following should be considered:
1. Access – Authorized users are provided the means to communicate to and from a particular network.

2. Confidentiality – Information in the network remains private to trusted staff or users.
3. Authentication – Ensure the users of the network are who they say they are.
4. Integrity – Ensure the message has not been modified in transit and is secured during transmission.
5. Non-repudiation – Ensure the user does not refute that he/she used the network.
Let's take the example of a website: there are various factors involved in drawing visitors to your site and network
and turning them into customers, so it is extremely important that you enlist the help of proficient webmasters and
security experts to manage your site and secure the network.
It is time to take serious information security measures in our organizations to prevent common internet attacks.
The attacks on networks that these measures must prevent can be broken down into categories. Some
attacks gain system knowledge or personal information, such as eavesdropping and phishing.
Attacks can also interfere with the system’s intended function, such as viruses, worms, and trojans. The other
form of attack is when the system’s resources are consumed uselessly.
Eavesdropping
Interception of communications by an unauthorized party is called eavesdropping. Passive
eavesdropping is when the person only secretly listens to the networked messages. On the other hand, active
eavesdropping is when the intruder listens and inserts something into the communication stream. This can lead
to the messages being distorted. Sensitive information can be stolen through eavesdropping.
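An added example, not part of the original paper: one way to meet the integrity and authentication requirements listed above, so that a frame modified, inserted or replayed by an active eavesdropper is rejected by the receiver. The frame layout, class names and sample key are assumptions made for illustration; the code gives neither confidentiality nor non-repudiation, which need encryption and digital signatures respectively.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def seal(self, payload: bytes) -> bytes:
        """Frame = 8-byte sequence number || payload || HMAC over both."""
        header = struct.pack(">Q", self.seq)
        self.seq += 1
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def open(self, frame: bytes) -> bytes:
        """Return the payload, or raise ValueError if the frame is not genuine."""
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            raise ValueError("bad tag: frame modified or inserted in transit")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.expected:
            raise ValueError("unexpected sequence number: replayed or reordered")
        self.expected += 1
        return body[8:]

def demo() -> list:
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    tx, rx = Sender(key), Receiver(key)
    f0 = tx.seal(b"PAY 100 TO ALICE")
    results = [rx.open(f0)]                    # genuine frame is accepted
    f1 = tx.seal(b"PAY 100 TO BOB")
    tampered = f1[:8] + b"PAY 900 TO BOB" + f1[-TAG_LEN:]     # payload altered
    forged = b"\x00" * 8 + b"HELLO" + b"\x00" * TAG_LEN        # no key, fake tag
    for bad in (tampered, f0, forged):         # f0 sent again is a replay
        try:
            rx.open(bad)
            results.append("accepted")
        except ValueError as err:
            results.append(str(err).split(":")[0])
    results.append(rx.open(f1))                # the untouched frame still verifies
    return results
```

The tag covers the sequence number as well as the payload, which is why a replayed frame with a valid tag is still refused.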
Worms
A worm is similar to a virus because both are self-replicating, but the worm does not require a file to allow
it to propagate [9]. There are two main types of worms: mass-mailing worms and network-aware worms.
Mass-mailing worms use email as a means to infect other computers. Network-aware worms are a major
problem for the Internet. A network-aware worm selects a target and, once the worm accesses the target host, it
can infect it by means of a Trojan or otherwise.
Trojans
Trojans appear to be benign programs to the user, but will actually have some malicious purpose. Trojans
usually carry some payload such as a virus.
Phishing
Phishing is an attempt to obtain confidential information from an individual, group, or organization. Phishers
trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other
sensitive information.
