CIS8018 - Strategic Information Security
14 Pages3548 Words201 Views
University of Southern Queensland
Strategic information security (CIS8018)
Added on 2020-03-04
About This Document
Security is one of the most significant aspects of business organizations in the current times. The report covers the steps that an organization, iPixel Creative may take to enhance its security architecture. The security architecture and framework that is currently followed in the organization comprises three pillars of security Business security, Information security, and Technical Security.
CIS8018 - Strategic Information Security
University of Southern Queensland
Strategic information security (CIS8018)
Added on 2020-03-04
ShareRelated Documents
Organization SecurityiPixel Creative
Organization SecurityTable of ContentsIntroduction.................................................................................................................................................3Organization Overview............................................................................................................................3Current Security Architecture of the Organization......................................................................................3Steps to Improve the Organization Security................................................................................................4Business Security....................................................................................................................................4Security Gap Analysis.........................................................................................................................4Separation of Duties............................................................................................................................5Disaster Recovery Planning and Testing.............................................................................................5Security Reviews and Audits...............................................................................................................5Secure Hiring and Termination............................................................................................................6Information Security................................................................................................................................6Defense-in-depth.................................................................................................................................6Network Security.................................................................................................................................7Database Security................................................................................................................................8Two-Factor Authentication..................................................................................................................8Information Encryption.......................................................................................................................9Technical Security...................................................................................................................................9Device Security...................................................................................................................................9Technical Updates...............................................................................................................................9Other Measures........................................................................................................................................9Conclusion.................................................................................................................................................10Appendix...................................................................................................................................................12URL.......................................................................................................................................................12Values....................................................................................................................................................12Mission..................................................................................................................................................12Vision....................................................................................................................................................12References.................................................................................................................................................132
Organization SecurityIntroductionSecurity is one of the most significant aspects for the business organizations in the current times.It is necessary for the organizations to make sure that they include the latest security mechanismsand protocols in their architecture and the operational activities. It is because of the reason thatthere are newer forms of security risks and attacks that are being created with each passing day.These security occurrences are usually in the form of information security attacks with the use ofvarious threat agents such as networks, devices, databases, human resources etc. The use of web-based solutions cannot be discontinued in the business organizations of the present era. As aresult, the malicious entities make use of the access points and other web security vulnerabilitiesto cause damage to the systems and services of an organization. The report covers the step thatan organization, iPixel Creative may take to enhance its security architecture.Organization OverviewiPixel Creative is a Singapore based organization that provides web design and developmentsolutions to its clients. The organization is formed of a small team of creative and highly-skilledprofessionals that have expertise in the areas of web and graphic designing along with webdevelopment. The company set its roots in the year 2007 and has been expanding in Singaporeand beyond since its inception (iPixel, 2017). Current Security Architecture of the OrganizationiPixel Creative is an organization that works in the area of web based solutions and services. Thesecurity architecture and framework that is currently followed in the organization comprises ofthree pillars to security as Business security, Information security and Technical Security. The business security policies include the security mechanisms that are used to keep the businessactivities and decisions protected from security attacks. There are numerous clients, employeesand third-parties that are associated with the organization. The policies and protocols that arefollowed to maintain business ethics and protect the privacy and security of the businessoperations come under business security. 3
Organization SecurityInformation security covers the security of the information that is transmitted, shared and storedin association with the organization. The steps that are taken under this pillar include networksecurity, physical security and database security (Wang and Tai, 2003). The third component is the technical security that includes the security of various technical toolsand equipment used in the organization. Installation of updates, security patching, along with themaintenance of the security profile of the technical components is included under this pillar oforganizational security. Steps to Improve the Organization Security The security profile and architecture of iPixel Creative can be enhanced by making use of latestmechanisms and policies in the three areas as business security, information security andtechnical security. With the use and adoption of the latest security practices, the overall security of the organizationwill improve and will provide better results for the organization in terms of revenues, marketshare and customer satisfaction. Business SecurityThere are a number of administrative controls that may be used and applied to improve thesecurity of the business activities and operations. Security Gap AnalysisIt is necessary to first understand and analyze the gaps and loopholes in the security of theorganization to develop the mechanisms that must be followed for its improvement. The security gap analysis shall be carried out in iPixel Creative at regular intervals to highlightthe areas that demand enhancement from the security point of view. Chief Information SecurityOfficer (CIO), Security Manager, Security Auditor and the other associates of the security teammust participate in the process. The team must come up with a comparison between the currentsecurity and the required future security state. The measures that shall be adopted shall behighlighted in the next step (Teneyuca, 2001). 4
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Network Design for Cosmos Online Newspaperslg...
|19
|1171
|181
Web Design and Development Assignmentlg...
|3
|751
|40
Analysis of IT Infrastructureslg...
|18
|3153
|192
Network Security Fundamentalslg...
|4
|659
|33
Aztek: Risk Management & Assessmentlg...
|18
|4841
|31
ITC571 - Emerging Technologies and Innovation Reportlg...
|7
|1215
|161