Principles of Information Security: Role of People and Physical Security in Data Centers
Added on 2023/06/08
AI Summary
This report discusses the role of people in maintaining operational security and physical security measures in data centers to protect sensitive information. It highlights potential risks and control measures to reduce them. The importance of security awareness and training is also emphasized.
Principles of information security
Information security 1
Table of Contents
Introduction
Task1 - Role of people in the operational security
    Security awareness and training facilitates people
Task 2- Physical security in a data centre
    Risks that is stored in a data centre
    Physical security controls to reduce the potential risks
Conclusion
References
Introduction
Information security is used by an organisation to ensure that no unauthorised user accesses its information. The main aim is to protect the confidentiality and integrity of the data that is stored. To maintain information security, various measures are used, such as antivirus software, firewalls, encryption software or other standards. An organisation faces various threats as a result of security breaches. Thus, it is important to maintain the security of data stored over the network. In this report, the focus is placed on physical security. Physical security is a way of protecting all the sensitive information that is stored over a network, in software or at any location. It ensures that information will not be misused and that data will be protected from malicious attacks.
Task1 - Role of people in the operational security
Operational security is an important part of every organisation. It is a process in which an individual identifies sensitive information and makes sure that it is not accessed by any unauthorised user (Ortalo, Deswarte and Kaâniche, 2014). The role of people is to create a clear vision for building processes and developing a technology stack so as to offer proper technical guidance.
Some of the ways in which people intentionally or unintentionally compromise information security are:
Not protecting devices with proper security measures. Much sensitive information should not be leaked, so it is important that security is maintained (Ortalo, Deswarte and Kaâniche, 2014). A security breach can occur due to poor firewalls, which increase the chances of cyber-attacks. Thus, it is important that traffic, the network and all operations are monitored regularly by defining an access control list so that only valid users access the information (Jones, 2014).
The other way in which security can be breached is by surfing the web or downloading from unauthorised links. As a result, malicious bugs enter the system and try to access data, which breaches the confidentiality and integrity of the data (Jones, 2014). This can be reduced by using anti-spyware software and avoiding information from unauthorised users.
Security awareness and training facilitates people
It is true that security awareness and training can help people play a proactive role in maintaining security. Most individuals are not aware of the antivirus software and protections that are available (Huang and Milius, 2016). Training sessions are useful as they make people aware of the attacks that can hit their systems. In these training sessions they are made aware of the steps that should be taken to protect or safeguard the system. The training sessions create awareness, as training is a formal process undertaken to educate employees (Krishnan and Najeem, 2017). It helps individuals to discover and develop a security-focused culture. It empowers employees so that the causes of security breaches are understood and the system is safeguarded from incidents. If a security breach occurs, it degrades the company’s reputation. Thus,
training sessions help the organisation to protect all its assets. They also increase the adoption power of employees, as they understand the risk, so that security can be enhanced.
Apart from that, when awareness of security risks is created, employees take better precautions and remain up to date with the technology (Chenaru, Popescu, Enache, Ichim and Stoican, 2017). In the training sessions, employees are made aware of the steps that need to be taken to safeguard the system, such as installing antivirus software and firewalls, updating software, and learning about the types of risk and how they can be encountered (Huang and Milius, 2016). Training is very beneficial because once employees are aware, they will look to cultivate the security measures.
It also reduces errors, as employees become more careful: training sessions teach employees about scams such as phishing email attacks or malware that may steal personal information. Security training helps the organisation by protecting it from possible threats, which in turn maintains confidence among the employees.
It is true that cybercrimes are increasing day by day and employees are not aware of such issues; security awareness programs therefore educate everyone so that job satisfaction and employee retention are maintained (Chenaru, Popescu, Enache, Ichim and Stoican, 2017). Training sessions also make employees aware of the rules and regulations that are set by the company and government bodies. Training and one-to-one sessions should be held at regular intervals. These training sessions are a threat to criminals too, as employees block them at many layers, which makes it difficult for them to gain access to the data (Ekelund et al., 2016). As a result, it gets harder for them to accomplish their mission.
Security awareness is an initiative to educate employees so that they understand the cyber-attacks and risks that could be faced. Security awareness focuses more on human-centric controls (Ekelund et al., 2016).
Task 2- Physical security in a data centre
The objective of physical security in a data centre is to make sure that information is protected and that all the servers on which information is stored are secured.
Risks that is stored in a data centre
The risks that are faced by the organisation due to poor physical security are:
All the information and data are stored in the data centre, so it is important to have physical security over all the internet services. Denial of service attacks are problematic as they do not allow valid users to access the information (Dalgas, Silberbauer and Pedersen, 2016). Attacks exploit assets and resources by allowing vulnerabilities to control the access list. They allow cyber criminals to carry out SQL injection by breaking the channels and allowing unauthorised users to access the data.
The other physical security risk for a data centre is that all the information is stored on a server and not at a particular place, so there is a huge risk at the time of a server failure. If the server fails, no one can access the information, as the data is stored only on the web. Valid users are then unable to access the information, as they may lose their connection with the system during the server failure (Ghai, Sharma and Jain, 2015). This physical security breach can be resolved by using multiple servers and mirroring the data from one location to another. This makes sure that operations continue even if a server fails.
Physical security controls to reduce the potential risks
It is true that potential risks are increasing day by day, so control measures need to be taken to reduce the risk. One physical control that could be taken is setting up a surveillance system that tracks the entire system and prevents any misuse of access (Modarres, Kaminskiy and Krivtsov, 2016). It is an elementary way to check who is accessing the information and who is not (Humayed, Lin, Li and Luo, 2017). It is very beneficial because, in case of any challenge, the system can be monitored.
It is also suggested that rack-mount servers could be used to maintain physical security (Tomás and Tordsson, 2014). They lock in racks the files that were once loaded on the servers. Physical barriers can also be used so that a layer of security is maintained. Alarm systems and sensors could be used to give an alert on access by any unauthorised user (Humayed, Lin, Li and Luo, 2017). They act as a trigger and inform the user whenever a security breach occurs. Cameras and video recorders are used to keep a clear eye on the system and monitor all the traffic by checking who is accessing the data and verifying that users are authenticated. Apart from that, all the physical resources and devices that are attached to the system are monitored to ensure that they are secure and can be used (Kobezak, Marchany, Raymond and Tront, 2018). Network security is also important along with physical security, as network security is used to make sure that integrity, confidentiality and availability are
maintained (Tomás and Tordsson, 2014). Physical security, on the other hand, makes sure that no external sources hit the system or try to misuse it.
Conclusion
From this report, it can be concluded that operational security is a risk management process that makes sure that information is protected from falling into the wrong hands. The first part of the report discusses the steps that should be taken by people to maintain operational security. It is found that security breaches occur because devices are not protected with proper security measures. The importance of security awareness and the role it plays in maintaining security are set out. The second part helps in understanding the physical security measures of a data centre and how physical security reduces the potential risks.
References
Blackwell, S.R., AVOCENT HUNTSVILLE, LLC (2017). Cyber security monitoring system and method for data center components. U.S. Patent 9,537,879.
Chenaru, O., Popescu, D., Enache, D., Ichim, L. and Stoican, F. (2017). Improving operational security for web-based distributed control systems in wastewater management. In Control and Automation (MED), 2017 25th Mediterranean Conference on (pp. 1089-1093). IEEE.
Dalgas, M., Silberbauer, K. and Pedersen, D.R.H., SCHNEIDER ELECTRIC IT CORPORATION (2016). Data center control. U.S. Patent 9,519,517.
Ekelund, U., Steene-Johannessen, J., Brown, W.J., Fagerland, M.W., Owen, N., Powell, K.E., Bauman, A., Lee, I.M., Series, L.P.A. and Lancet Sedentary Behaviour Working Group (2016). Does physical activity attenuate, or even eliminate, the detrimental association of sitting time with mortality? A harmonised meta-analysis of data from more than 1 million men and women. The Lancet, 388(10051), pp.1302-1310.
Ghai, V., Sharma, S. and Jain, A., Quantum Security Inc (2015). Policy-based physical security system for restricting access to computer resources and data flow through network equipment. U.S. Patent 9,111,088.
Huang, P.C. and Milius, B. (2016). Operational Security–A Coming Evolution of Railway Operational Procedures Under the IT Security Threat. In International Conference on Reliability, Safety and Security of Railway Systems (pp. 69-78). Springer, Cham.
Humayed, A., Lin, J., Li, F. and Luo, B. (2017). Cyber-physical systems security—A survey. IEEE Internet of Things Journal, 4(6), pp.1802-1831.
Jones, G. (2014). Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure (No. RFC 3871).
Kobezak, P., Marchany, R., Raymond, D. and Tront, J. (2018). Host Inventory Controls and Systems Survey: Evaluating the CIS Critical Security Control One in Higher Education Networks. In Proceedings of the 51st Hawaii International Conference on System Sciences.
Krishnan, P. and Najeem, J. (2017). A multi plane network monitoring and defense framework for sdn operational security. In International Conference on Operating System Security (ICOSS 2017).
Modarres, M., Kaminskiy, M.P. and Krivtsov, V. (2016). Reliability engineering and risk analysis: a practical guide. CRC press.
Ortalo, R., Deswarte, Y. and Kaâniche (2014). Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, (5), pp.633-650.
Tomás, L. and Tordsson, J. (2014). An autonomic approach to risk-aware data center overbooking. IEEE Transactions on Cloud Computing, (1), pp.1-1.