Information and Systems Security

Verified

Added on 2022/12/23

AI Summary

This document discusses the importance of physical security in protecting hardware, networks, software, and data from physical activities that could damage enterprise data. It explores the issues in IT infrastructure, measures for physical security control, and the need for strict authentication and configuration control. The document also emphasizes the importance of surveillance and securing unused workstations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION AND SYSTEMS SECURITY
INFORMATION AND SYSTEMS SECURITY
Name of Student
Name of University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1INFORMATION AND SYSTEMS SECURITY
Table of Contents
Introduction................................................................................................................................1
Issues in IT infrastructure...........................................................................................................2
Measures for Physical Security Control.................................................................................3
Conclusion..................................................................................................................................4
References..................................................................................................................................5
Introduction
Physical security can be defined as the protection of hardware, networks, software and
data from physical activities that could assist in damaging the data of the enterprise. Threats
includes theft, ruination, fire, natural disasters and terrorism. Due to the increased technical
threats like cyber-espionage, malware, hacking, the physical security is overlooked. The
physical attacks on the IT security can be of two types. Gaining access control in a server
room, doing modifications in the data by accessing any pc are some of the physical attacks.
For this reason, the Organization need to have proper security for their servers and need to
have backup in case some mishandling of data occurs.

2INFORMATION AND SYSTEMS SECURITY
Issues in IT infrastructure
As an instance, New Surfing Policy of PPC got activated without the consent of the
management system of the company due to which many users faced issues such as
interruption while accessing the internet, the data of the course got crashed overnight and
those who have requested for an OS update resulted in getting poor server performance. As a
result of the breakdown of data, the personal information of many students got hampered for
which PPC had to offer each student a service for identity protection. The reason for the
whole event was unrestricted access into the backup server.
There are three categories of Physical security threats which are internal, human and
external. The internal threats can be presence of humidity in the rooms containing hardware,
unsteady power supply, etc. The external threats involve natural disasters and the human
interruption involves theft, damage or accidental errors. The attackers make an effort to
bypass the core controls by using some methods. This attempt of decoding the control
mechanisms is a criminal activity.
Generally, most of the systems maintain username and password for security but the
attackers are well aware of the methods to seize passwords. For seizing the passwords the
attackers can choose a brute force attack, in which trial and error method is used to create a
matching passwords or can choose dictionary attack, in which the attacker just needs to find
the dictionary used for encryption. The workstations that are kept on the unallocated desks
can be vulnerable to attack, as these workstations are not checked regularly hence, the
attacker can access the computer anytime.

3INFORMATION AND SYSTEMS SECURITY
This can be observed that the physical security of the system should be maintained as
well as having strict control of authentication. The IT infrastructure should be comprised of
Configuration management to ensure that whatever complex issues that are arising have to be
solved with the knowledge of the management. The configuration management for IT
security involves, identifying, analysing, examining and providing authorisation to the
proposals for the modification of the existing system.
Measures for Physical Security Control
Security at a physical level is an essential part of the IT security. Only securing the
webserver system is not enough to restrict the vulnerabilities, as the attacker can invade from
anywhere (Pathan, 2016). Strict surveillance of the entire organization should be there to
track everyone’s activities. Using rack mount servers would provide assistance as it is easier
to handle being smaller and lighter (Feng, Wang & Li, 2014).
The unused workstation should be kept in a secured room (Wang et al., 2013) having
great security. The data that are being stored on the hard drives should be kept in the most
secured area of the organization which will only have the access of an authorized person.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4INFORMATION AND SYSTEMS SECURITY
Conclusion
Vulnerabilities in IT infrastructure are the origin of the technical issues that arises in
the Information system. As the entire infrastructure deals with lot of data and software;
therefore interruption is a normal thing, which is required to be prevented. Therefore,
maintaining high security for authentication and configuration control is necessary with the
required physical security controls. As the security system is evolving the hacking system is
also evolving; hence, updating the security system is required in every phase. Keeping track
of every activities within the organization is helpful for preventing the issues.

5INFORMATION AND SYSTEMS SECURITY
References
Duan, X., & Wang, X. (2015). Authentication handover and privacy protection in 5G hetnets
using software-defined networking. IEEE Communications Magazine, 53(4), 28-35.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information
systems: Causal relationships of risk factors and vulnerability propagation analysis.
Information sciences, 256, 57-73.
Lee, T. F., Chang, I. P., Lin, T. H., & Wang, C. C. (2013). A secure and efficient password-
based user authentication scheme using smart cards for the integrated epr information
system. Journal of medical systems, 37(3), 9941.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Wang, F., Ge, B., Zhang, L., Chen, Y., Xin, Y., & Li, X. (2013). A system framework of
security management in enterprise systems. Systems Research and Behavioral
Science, 30(3), 287-299.

1 out of 6

+13062052269

info@desklib.com

Information and Systems Security

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Network Design Proposal for XYZ Retails

Organizational Information Security Risks and Policies

Project on Network and Information Security

Risk Assessment and Disaster Recovery Scenario

What Is Business Continuity and Why Is It Important?

Threat Categories for Information Security: Prevention and Detection Techniques