Ask a question from expert
(solved) Assignment on Information Security
23 Pages7029 Words297 Views
Middle East College
Added on 2020-04-21
(solved) Assignment on Information Security
Middle East College
Added on 2020-04-21
BookmarkShareRelated Documents
Running head: INFORMATION SECURITYInformation SecurityName of the Student:Name of the University:Author note:
2INFORMATION SECURITYTable of ContentsIntroduction................................................................................................................................31)Importance and objectives of information security............................................................32) Potential threats/risks and vulnerabilities..............................................................................33) Information security systems/policy......................................................................................34) A new information security monitoring parameters and its metrics......................................45) Scope and domains of information security policy...............................................................46) Select appropriate information security standard with proper justification...........................47) Highlight the policies and traditional standards followed by financial institutions..............48) Policies for remote access, email usage, network configuration, Network protocols,network access and external access............................................................................................49) Test and verify the effectiveness of the information security system....................................410) Response policy when a security accident happens for sample bank..................................511) The kinds of training are required for staff to implement proper information securityprogram......................................................................................................................................512) Appropriate recommendations to accomplish information security....................................5Conclusion..................................................................................................................................5References..................................................................................................................................6Timeline.....................................................................................................................................7Importance and objectives of information security....................................................................7Select appropriate information security standard with proper justification...............................7Response policy when a security accident happens for sample bank........................................8
3INFORMATION SECURITYIntroductionInformation security is considered to be a set of practices as well as techniques thatprevent unauthorized access, modification and destruction of sensitive data. The main focusof information security is to maintain integrity, availability and confidentiality ofinformation. Information technology is playing a significant role in various industries. Withthe growing usage of ICT, security issues are also increasing. Information security is gainingimportance in the financial organizations for securing the sensitive information of thecustomers and protecting any financial transaction using IT. This report explains about thepotential risks that are related to the standards along with the parameters that are used formonitoring information security. This report gives a brief overview about the standards andpolicies of information security that are followed by financial organizations. It also providessuggestions regarding the accomplishment of information security.1)Objectives and importance of information security Customer information is considered to be one of the most valuable assets of financialorganizations. Hence, financial organizations are incorporating strong security standards aswell as policies in its business processes for securing sensitive financial information.Information can be represented in various forms such as printed documents and electronicfiles (Kshetri 2013). Information can be transmitted through several communication channels.Information can take any frame size and it needs to be stored and transmitted in a securemanner. With a specific end goal to enough deal with these data security hazards that arewinding up always enhanced and perplexing, money related foundations are encouragedabove all else to learn the idea of hazard, and afterward to set up the required safety effortsand work toward their unswerving execution, similarly as they oversee different attacks(Kshetri 2014). This paper explains attention deeply parts of data security chance
4INFORMATION SECURITYadministration by monetary establishments. The skills used by Bank of Japan have been usedin this paper. Kim and Kim (2015) stated that bank of Japan has gathered this skill throughthorough research, studies, conference and examination with outside organization andapplicable household. It has also used its experience that it has gained by working for somany years. The appended "Project of Information Security Measures for Systems ThatMake Use of the Internet" calls attention to real things for checking the data safety efforts insingular frameworks that utilization the Internet (Martins et al. 2014). The connection alongwith this paper will serve financial organizations and institutes in creating and actualizingtheir data safety efforts. Then, in spite of the fact that the utilization of open frameworks hasopened the best approach to give more advantageous budgetary administrations, it hasadditionally differentiated and confused the idea of attacks (Graves et al. 2016). As it were,while attacks, for example, framework breakdowns and unapproved acts by representativeshave existed paying little heed to shut or open framework condition, with the expandeddependence on open frameworks, there are currently enormously expanded attacks, forexample, burglary or adjustment of data transmitted over systems (Laudon and Laudon2016). Moreover, there is the rise of new attacks, for example, unapproved access all thingsconsidered and benefit interferences that are particular to open frameworks. 2) Potential security and data threats, risks and vulnerabilities Financial organizations such as banks are exposed to potential security as well as datathreats and risks. Information security is being evaluated by financial organizations due to itstransactional risk that is considered to be the most harmful risk for a financial. Japanesefinancial organizations are getting to be noticeably mindful that, with the fast changes in thebusiness condition, it is basic for administration to give clients advantageous monetaryadministrations rapidly and cheaply (Dhillon et al. 2016). In order to accomplish thisobjective, money related organizations have been continuously using IT, which has
5INFORMATION SECURITYexperienced astonishing advances as of late. There has been an especially substantial measureof specialized development in the territory of open frameworks encapsulated by the Internet,and that has made it conceivable to construct such open frameworks significantly moreinexpensively and rapidly than traditional frameworks and to give services to a moreextensive scope of clients too (Li 2015). The monetary business is likewise mindful that arapid reaction to the administrative issues of building up a client base is basic, and thuslymore money related foundations utilize the Internet as an approach to accomplish this.Meanwhile, this expanded dependence on IT and the extended utilization of open frameworkin the money related administrations segment engenders data security hazard that requiresnew countermeasures for chance administration by individual budgetary organizations. Selamat and Babatunde (2014) stated that Japanese financial foundations haveactualized safety efforts that are predicated on the utilization of shut frameworks constructbasically in light of centralized computer, for example, (a) physical partition through servicesof passages and ways out of computer focuses and through the development of systems withrented lines, (b) the utilization of redid programming and correspondence conventions(principles), and (c) observing utilizing surveillance cameras and human observation inbranch. Because of the utilization of such measures, security attacks from the outside havebeen moderately uncommon in these shut frameworks (Lipper et al. 2014). With theexpanding push toward open frameworks, it is substantially simpler now to increaseunapproved access all things considered and robbery of information than before. The insidebusiness preparing frameworks of budgetary foundations are being associated with otheroutside systems and a more noteworthy utilization of regular correspondence convention. Inaddition, there are numerous gadgets utilized for client exchanges that might be overseen bymonetary establishments less adequately than money allocators and programmed tellermachines (ATMs).
6INFORMATION SECURITY3) Information security systems and policies Sharma and Warkentin (2014) mentioned that formulation of security policies andstandards are essential for every financial organization for mitigating security issues that areinvolved in its business processes. In light of the more prominent utilization of openframeworks for a budgetary foundation's numerous business preparing needs, an assortmentof specialty units inside those associations are under strain to execute data safety efforts. Forthe whole association to cooperate and successfully execute countermeasures under theseconditions, strategies and their particular points of interest ought to be composed, and afterthat it must be guaranteed that the whole association is informed completely (Connolly et al.2015). Albeit Japanese monetary foundations do have involvement in the utilization ofmeasures for data security and in many examples these measures appear to have beenconceived on an individual or single framework premise. Japanese money relatedorganizations are behind their partners in Europe as well as North America with regards tothe cross-sectional countermeasures that are covering the entire framework. 4) New information security monitoring metrics and parametersOrganizations combine the applicable frameworks of risk with all the control sets ofthe ISCM or information security continuous monitoring methodology for providing aholistic approach to compliance and carrying out the process of risk management (Kidwell etal. 2016). This can be done by providing controls over a wide range of areas along with ahigh level details and guidance on its metrics. As the utilization of open frameworksincrements, there is a relevant need to get a handle on the data security attacks confrontingthe whole association precisely and to build up arrangements and norms that are vital for thedefinition and usage of fitting countermeasures (Von Solms and Van Niekerk 2013). Datasecurity arrangement is the systematization of methodologies and strategies identified withthe plan of data safety efforts to be connected inside an association so as to react to the
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Analysis of Ethical and Legal Considerations in Security Monitoringlg...
|7
|774
|204
Professional Skills In Information Communication Technology: Cyber Securitylg...
|20
|6717
|27
IT Infrastructure and Security Assignmentlg...
|14
|3571
|67
Organizational Security Planlg...
|38
|6571
|308
Cyber Security: Critical Policies, Risks, Framework and Implementationlg...
|6
|1203
|72
Audit Evidence - Deskliblg...
|9
|1256
|241