Computer Security Engineering Assignment

Added on - Apr 2020

Running head: COMPUTER SECURITY ENGINEERING

Computer Security Engineering
Name of the student:
Name of the university:

Table of Contents
Introduction ... 2
1. Description and explanation of the difference between security framework and standards ... 3
2. Background of information security standard and framework ... 4
3. Review of information security approach ... 9
3.1 Risks with information security ... 9
3.2 Control approaches for information security ... 12
3.3 Behavior of information security ... 14
3.4 Standardization for information security ... 16
3.5 Technologies associated with information security ... 17
Conclusion ... 20
Bibliography ... 21
Introduction

Given the current state of security concerns, an information security management standard is understood to give a business organization direction for keeping its confidential information secure from external attacks [1]. An information security framework, on the other hand, is a structured series of documents that sets out the procedures and policies for securing the information stored on the organization's data servers. Management designs the organization's information security according to the type of business and the business environment. This report focuses on the difference between an information security management system and information security standards.

The ISO/IEC 27000 family of standards helps business organizations keep data such as financial records and employees' personal data secure from external attacks. Each requirement associated with an information security management system is addressed by the ISO standards [2]. The ISO 27000 family contains dozens of standards. An Information Security Management System (ISMS) is a systematic approach to keeping sensitive information away from unauthenticated users; it is also very helpful for organizational risk management.

1. Baskerville, Richard, Paolo Spagnoletti, and Jongwoo Kim. "Incident-centered information security: Managing a strategic balance between prevention and response." Information & Management 51, no. 1 (2014): 138-151.
2. Ermakov, Sergey Alexandrovich, Aleksey Sergeevich Zavorykin, Nikolai Sergeevich Kolenbet, Alexander Grigorievich Ostapenko, and Andrei Olegovich Kalashnikov. "Optimization of expert methods used to analyze information security risk in modern wireless networks." Life Sciences Journal 23 (2014): 1239.
1. Description and explanation of the difference between security framework and standards

After analyzing the details of information security management systems and information security standards, it becomes clear that there is a large difference between a security management standard and an information security framework. The confusion between the two arises while researching software development, business operating approaches and the methodologies to be followed for securing information from external attackers [3]. From the definitions themselves it can be seen that security standards are the best-known practices that are usually followed, whereas a framework is an asset that is normally put into practice in the absence of well-defined security practices. In almost every enterprise field of application, ISO has a set of standards, which means following standard practices that have come to be generally accepted.

Sometimes most of the security standards are not applicable, and the management authority itself then has to define a framework to meet its managerial purposes. An IS standard is a generally accepted and solid plan that can be used in professional business practice [4]. IS standards are flexible and reliable from both the business's and the consumer's perspective. A framework is not a complete picture; rather, it is a guideline that helps the company proceed in the required direction. In order that the job is completed correctly, a standard does not leave the management authority free to follow an arbitrary choice of its own.

According to Hajli, Nick, and Xiaolin Lin, the main difference between an IS standard and an IS framework is that standards are specific in nature whereas frameworks are completely general [5]. In addition, IS standards are accepted as security-level best practice, whereas frameworks are the generally employed practices.

2. Background of information security standard and framework

A security framework is a methodological approach that helps enterprises to understand security frameworks and security standards, and it follows a completely pragmatic direction. Again, it is rare for a business organization to maintain both an information system standard and an information security framework. The ISS and ISF are elaborated in the section below:

ISO 27002:2013: To secure the information stored on the organization's servers, ISO 27002:2013 is sometimes used as a guideline for the organizational data set. It also offers practices for security management and for the selection and implementation of controls. The organizational information security environment considers both standards in most cases, but if the standards are found to be inefficient, the corresponding framework should be developed. This information security standard has been found to be one of the most widely used data security standards in Europe, and its outcome implies that the stakeholders associated with this particular design can readily interpret its outline.

In order to resolve the issues associated with information security standards, it becomes necessary for system developers to design a proper security framework. The different security frameworks are discussed below:

NIST security framework: This security framework, put forward by the US standardization body (NIST), is designed mainly to manage cyber security [6]. The framework includes components such as standards, guidelines, promoted practices and critical infrastructure protection. For managing cyber security issues, the framework's qualities of prioritization, flexibility, cost effectiveness and repeatability are very helpful. In dealing with cyber attacks, the pliability and attentiveness of the organization offer an effective view to consumers.

CIS critical security controls: Formerly known as the SANS 20, the Critical Security Controls are the best known of these frameworks. They provide a set of recommended actions against the most pervasive and dangerous cyber attacks [7]. The Critical Security Controls are closely tied to cyber security because they are regularly updated by professional cyber security experts using information drawn from private and public threat sources. They offer two different kinds of approach, bottom-up and top-down; of the two, the bottom-up approach is the more effective. Against targeted threats, they focus effort on a prioritized set of security functions that are effective enough in nature.

3. Fenz, Stefan, Johannes Heurix, Thomas Neubauer, and Fabian Pechstein. "Current challenges in information security risk management." Information Management & Computer Security 22, no. 5 (2014): 410-430.
4. Yang, Yu-Ping Ou, How-Ming Shieh, and Gwo-Hshiung Tzeng. "A VIKOR technique based on DEMATEL and ANP for information security risk control assessment." Information Sciences 232 (2013): 482-500.
5. Hajli, Nick, and Xiaolin Lin. "Exploring the security of information sharing on social networking sites: The role of perceived control of information." Journal of Business Ethics 133, no. 1 (2016): 111-123.
6. Tu, Zhiling, and Yufei Yuan. "Critical success factors analysis on effective information security management: A literature review." (2014).
7. Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy compliance model in organizations." Computers & Security 56 (2016): 70-82.