Information Security Threats and Risks
Added on 2020-03-02
11 Pages3102 Words443 Views
|
|
|
Running head: IS SECURITY AND RISK MANAGEMENT1IS Security and Risk ManagementName:Institution Affiliation:
IS SECURITY AND RISK MANAGEMENT2IntroductionThe information security is significant in organization in the areas such as the record keeping, as well as on the financial uses. The IT security could help organization in solving the requirementsof the clients particularly in the management of their personal information, the data as well as thesecurity information (Ali, 2014). These are the challenges which are encountered by the organization particularly in the management of the data so that it does not fall in the hands of the unauthorized individuals or perhaps the hackers. An effective IT security management system help in the reduction of the risk when there are crisis in the organization. The organization should understand the IT security to enable them overcome the challenges (Ali, 2014). Additionally, organization should have policies when it comes to securing of their data so that it could be safe (Ross, 2013). In this research it intends to answer the question on how the information technology security could be enforced in the organization. Additionally, the essay will look at the main content of the IT security policy, and how it is determined (Bergström & Åhlfeldt, 2014). The essay will be focused on the E-Bay organization. Other components that will be looked are the IT model for the organization, the security standards and the control, risk analysis and contingency planning. Lastly, it will focus on the analysis of the IT threats, vulnerabilities and tools. Key Terms IdentificationProtocols: These are often described in an industry or perhaps the international standard such asthe TCP/IP protocols that uses the set rules to exchange the message with the other internet points at the data packet levels.
IS SECURITY AND RISK MANAGEMENT3Contingency: This is a plan which is set in place to prevent any shortcoming which may occur in the future.Standards: These are definite rules, principles or perhaps the measures which have been established to guide the organization against the risk that could occur. Overview of E-bay organization This is a multinational e-commerce corporation, which help the online consumer to consumer as well as the business to consumer sales (Chen, 2009). The organization manages eBay.com whichis an online shopping portal that helps the people and the businesses to buy and sell goods and services globally(Bergström & Åhlfeldt, 2014). In addition to its auction style sales, the website has expanded to “Buy It Now” shopping. Over the years the company has become one of the bestonline retail business organization.Discussion of Policy and Auditing featuresfor E-bayThe organizations requires protection against the cyber-attack which entails to document the information technology security policy (Ross, 2013). Each and every employee need to understand their obligation in order to protect the organization data (Anton, Anderson & Mesic, 2004). The workers should have a clear expectation about their behavior when it comes to interaction with the information of the organization sales (Chen, 2009). There is need to have an IT security policy that should be published, understandable as well as enforceable. The following are the main components of an information technology security policy for E-bay organization; Security definition: the E-bay IT security policy have a well-defined security vision for the organization which is to safeguard on the safety of the clients and that of the business which they
IS SECURITY AND RISK MANAGEMENT4operate with (Axelrod, Bayuk & Schutzer, 2009). This security definition is meant to make certain there is confidentiality, integrity in addition to the accessibility to the data and the resources through the use of the effective and established information technology security methods and the process. Enforcement: on this part it evidently outlines precisely how the policy could be enforced and also precisely how the security breaches might be handled sales (Chen, 2009). Additionally, the chief data officer in addition to the information system security have the responsibility of implementing on these policy and ensuringtheir compliance (Bergström & Åhlfeldt, 2014). In this section it includes the procedures to request short term exception to the policy. Additionally, all the exceptions to the policy needs to be reviewed and also approved or perhaps denied by the security officers concerned. The user access to the computer resources: on their policy it outlines the functions along withthe responsibilities of the customers accessing the resources of the business especially to their website (Peltier, 2013). It could include things like the passwords, guidelines for the termination of the accounts, procedure for the threat notification and the security awareness training to the clients. Security profiles: E-bay has an excellent security policy including the data which recognizes precisely how the security profiles might be utilized uniformly throughout the common devices, such as the firewalls, proxy servers and the servers (Peltier, 2013). Passwords: The passwords are very critical aspects especially in protecting the infrastructure of the organization. They have higher passwords so that they do not compromise the organization especially the website to the external threats, and also the insiders (Duncan & Whittington,
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Report on Enforcing Information Technologylg...
|8
|2300
|97
Security Awareness Program | Cyber Securitylg...
|6
|1469
|50