Comprehensive Report: Information Systems Security and Risk Analysis


Added on  2023/05/26

AI Summary
This report provides an in-depth analysis of information systems security, encompassing various risks to hardware, software, and networks, from both internal and external sources. It emphasizes the importance of a dynamic security system, outlining features such as risk assessment, the role of a designated security officer, administrative security awareness, and compliance with regulatory standards like PCI, HIPAA, and FISMA. The report also highlights the significance of policies and procedures in addressing identified risks, ensuring that all organizational members understand their role in maintaining information technology security. A visual representation of the information system management process, including permission checks, is also provided. The report concludes with a list of relevant references supporting the discussed concepts.
Running head: INFORMATION SYSTEMS SUPPORT 1
Information Systems Support
Name
Institution Affiliation
Make a chart to show all risks to the information system including from inside or
outside the system, to hardware and software, and to the network, level of risk, and
possible solutions that could be instituted digitally, physically or through policy.
Features of an efficient security program
A dynamic security system offers an extensive outline of how the organization will ensure its
data is secure. Accordingly, this process calls for a holistic approach that describes the way
each part of the organization is included in the program (Perlman, Kaufman, & Speciner,
2016). It should be noted that a security program is not simply a guide that details what is
to be done in case there is a breach in security.
Some of the components to ensure data security include:
Risk assessment: This process entails identifying and evaluating the risks facing the security
program with the intention of controlling them. Indeed, this is the most crucial part, as the
company has to think about all the risks the organization is facing in order to decide on a
suitable and inexpensive approach to handling them. It has to be noted that risks can only be
reduced and not eliminated (Saxe & Berlin, 2015). Thus, the assessment process helps to
prioritize risks by choosing cost-effective countermeasures to control them.
Designated security officer: Most security standards and regulations call for a designated
security officer (DSO) as a necessity. The organization's security officer is tasked with
coordinating and running all security programs. This officer is the organization's internal
check and balance, whose role is to report to external IT to enhance independence.
Administrative security awareness: According to the security agency, the weakest link in most
firms' security is the human factor and not technology. Although it is the weakest link, in
most cases it has been overlooked by security programs.
Compliance with regulatory standards: Besides complying with the organization's own security
program, the business is required to adhere to the standards of external bodies (Titonis,
Manohar-Alers, & Wysopal, 2017). The elements of the organization's security plan describe
these regulatory standards and the way the company should comply with them. Regulatory
standards that are likely to affect the organization include PCI for credit card processing,
HIPAA for patient information and FISMA for contractors and government agencies.
Policies and procedures: The risk assessment research helps in outlining the things to worry
about. The policies and procedures element therefore allows the organization to decide how to
handle the risks facing the company.
Consequently, each person within the organization is required to have a security
program because it helps them keep information technology security under consideration.
The security program helps to acknowledge the significance of staying up to date with
the security controls that influence the way the company handles its data (Borders,
2015). In doing so, it enables the company to keep its employees on the right track and
makes it possible to change based on customers so that the company achieves its legitimate
responsibilities. In this way the organization ensures that its data security adapts
productively to its membership and to the current IT environment.
Figure 1: Information system management process
[Flowchart; layout not recoverable. Node labels: Start permission check; Request approval; Admin or DB?; Specific deny?; Permission okay?; Deny request; Create a security context; Ownership chain check; Identify needed permission. Branches are labelled Yes / No.]
References
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: Private communication in a public world. Pearson Education India.
Borders, K. R. (2015). U.S. Patent No. 9,055,093. Washington, DC: U.S. Patent and Trademark Office.
Titonis, T. H., Manohar-Alers, N. R., & Wysopal, C. J. (2017). U.S. Patent No. 9,672,355. Washington, DC: U.S. Patent and Trademark Office.
Saxe, J., & Berlin, K. (2015, October). Deep neural network-based malware detection using two-dimensional binary program features. In Malicious and Unwanted Software (MALWARE), 2015 10th International Conference on (pp. 11-20). IEEE.