Comprehensive Analysis of Google's IS Strategy and Governance

Added on  2020/04/01

This report provides a detailed analysis of Google's Information Systems (IS) strategy, focusing on its business nature, governance structures, processes, and policies. It examines how Google's core business as a search engine influences its approach to IT infrastructure, security, and the use of open-source software. The report explores the company's governance framework, highlighting its culture of innovation, commitment to security through its Code of Conduct, and the roles of various teams within its security organization. Furthermore, it discusses the roles and responsibilities of corporate officers in IT security, the skills required for IT security professionals, and whether Google's governance structures and policies reflect regulatory requirements, particularly in the context of IT security governance. The analysis covers various aspects of Google's approach, from its initial focus on search engine optimization to its current emphasis on data protection and the constant evolution of its algorithms, providing a comprehensive overview of the company's IS strategy and its implications.
IS Strategy
Written By:
9/19/2017
Nature of the business
In the era of globalization and technological advancement, Google has tried to
position itself in the minds of internet users as a powerful search engine, and it is
widely used as a web-based search engine all over the world (Alberts
& Dorofee, 2002). Whether the user is old or young, Google can always be seen in
conversations about computers or the internet (Axelrod, Bayuk & Schutzer, 2009). One can
view its history as an example of how companies grow from small to big and become known
all over the world. The core business of Google is to offer a search engine to internet users
who want to reach their places of interest (Alberts & Dorofee, 2002). Google's search
engine attracts internet users through a simple design that nevertheless produces
impressive search results (Axelrod, Bayuk & Schutzer, 2009). After the initial
stage of establishing itself globally, Google started selling ads related to
search keywords. The ads were text-based to increase the loading speed of the page
(Alberts & Dorofee, 2002). Most of Google's revenue depends on ads, and it
attained success with the support of AdSense and AdWords after gaining
experience within the industry (Alberts & Dorofee, 2002).
To develop the IT infrastructure it needs, the IT department tries to maintain a
balance between purchasing products from outside vendors and developing software
itself; for instance, the organization purchases software from Oracle for maintaining
its accounts, whereas for customer relationship management
Google develops the software itself (Alberts & Dorofee, 2002). The company's administration
creates data that is made available to every employee, and it also tries to
make sure that the information is protected from misuse and from use by
unauthenticated users (Alberts & Dorofee, 2002). Google also encourages the use of
open source software by applying it. It also invites students to work on and develop
new software by offering internship programs. In this manner, the company tries
to obtain new ideas that can be supportive (Alberts & Dorofee, 2002). Google also seeks to
develop applications such as Google Apps that can be used for both external and
internal purposes (Axelrod, Bayuk & Schutzer, 2009). The search engine algorithm is
continuously updated so that the information retrieved becomes more relevant (Alberts &
Dorofee, 2002). The engineers ensure that the retrieval of information for the internet user gets
less. Google also adopts a round robin policy, which supports load balancing across
its servers. Google's servers are categorized into various types, and every server is
assigned a particular function (Axelrod, Bayuk & Schutzer, 2009).
The nature of the business makes security critical for Google, which emphasizes it
accordingly (Axelrod, Bayuk & Schutzer, 2009). The formula of the master search algorithm
is kept secret. Instead of trying to implement strict policy
measures, the organization ensures that its infrastructure is secured (Axelrod,
Bayuk & Schutzer, 2009). The focus is placed on corrective and detective controls. More
than 150 engineers are employed to provide information security and to maintain
the organization's security infrastructure (Axelrod, Bayuk & Schutzer, 2009). The engineers
regularly monitor for virus-like threats such as spyware, and Google makes use of an intrusion
detection system to avoid breaches of security (Axelrod, Bayuk & Schutzer, 2009).
Governance structures, processes, and policies it has in place
It can be mentioned that, for the type of technology and innovation, Google produce
the culture, governance as well as process as perfectly applied for generating the assistance of
an idea one another (Axelrod, Bayuk & Schutzer, 2009). The top executives hold instinct for
taking the company and agree with them, in case they ask for hostile takeovers to place long-
term vision (Axelrod, Bayuk & Schutzer, 2009). The model of media might be right as
compared to them, as both of them are reliant on the talent and vision. The culture of creative
corporate is fabulous for attracting the Googolplex as the right playground for developing the
magic of Google (Axelrod, Bayuk & Schutzer, 2009). The process of organization of
permitting the staff for using 20% of the work time in combination with the teamwork style
that looks like a right formula for developing the dirty and rough prototype that it explored
the value that could create entirely through the alpha to beta (Axelrod, Bayuk & Schutzer,
2009). The only types of limitation that can view the ego possibility in the manner of doing
the right work and the company’s size eventually turn the staff and businesses customers
(Axelrod, Bayuk & Schutzer, 2009). This could be branding issue for Google in the coming
time over how to deal with the increase in huge companies (Axelrod, Bayuk & Schutzer,
2009).
Google's commitment to security is outlined in Google's Code of Conduct,
along with Google's security philosophy (Eloff, Labuschagne, Solms & Dhillon,
2011). These policies cover a wide array of security-related topics,
including the necessary policies that every staff member must comply with on physical security,
accounts and data, as well as a few more specific policies covering the systems and internal
applications that employees are expected to follow (Eloff, Labuschagne, Solms & Dhillon, 2011). All these
security policies are reviewed and updated periodically. Staff are also required to undergo
continuous security training on topics such as safe internet use, how to label and
handle sensitive information, and working safely from remote locations (Axelrod,
Bayuk & Schutzer, 2009). Extra training is also provided on policy topics of interest,
including areas of emerging technology such as the safe use of social technologies and
mobile devices (Eloff, Labuschagne, Solms & Dhillon, 2011).
Google's security organization is divided into several teams, which focus
on global security auditing, information security, and compliance, along with
physical security for safeguarding Google's hardware infrastructure (Eloff, Labuschagne,
Solms & Dhillon, 2011). Together, these teams address the company's complete international computing
environment. For the Information Security team, Google employs a full-time
information security team, which includes 250 experts in the areas of network security, information,
and application security (Eloff, Labuschagne, Solms & Dhillon, 2011). The team is responsible
for maintaining the organization's perimeter and internal defense systems, creating
processes for secure development and security review, and constructing
customized security infrastructure (Eloff, Labuschagne, Solms & Dhillon, 2011). It also
plays a leading role in the development, documentation and implementation of Google's
security policies and standards (Axelrod, Bayuk & Schutzer, 2009).
Corporate officers and their roles as described in public documentation
At present, the world is moving towards IT as a necessity, but the
threats around the IT world are also rising (Gofbole, 2008). This might lead towards IT
security strategies that can resolve IT issues and control the threats arising
in the technology area (Gofbole, 2008). Information technology security professionals
carry the responsibility for safeguarding the IT world from increasing problems and
threats (Gofbole, 2008).
Those who take responsibility for protecting infrastructure, networks and
computer systems include system administrators, IT security professionals, information
security engineers, network security officers, chief information officers, chief security officers,
network engineers, information assurance managers, chief information security officers and
computer operators, who are among the few that hold a fundamental role in IT security
(Gofbole, 2008). The IT security professional's job revolves around IT system
protection. It includes the infrastructure, network and all other IT information grounds
(Gofbole, 2008).
Securing customer data, information assets, financial information and various
other critical IT information is the main responsibility of IT security professionals
(Hamid, 2007). Their role includes the responsibility to offer users access to information
based on identity and necessity. Information is provided to people when they are
legally eligible for access (Harkins, 2012). Every IT security department holds
particular policies and principles in line with the policies of the company and is required
to follow them (Axelrod, Bayuk & Schutzer, 2009). They adopt a specific set of
regulations, rules, strategies and methodologies for protecting information systems
(Harkins, 2012). The responsibilities of the IT security professional are as listed below:
Significant IT security professional responsibilities
1. Designing and developing the software and security devices for ensuring the client
information and product safety (Harkins, 2012).
2. Measuring the security of IT within the network system
3. Inspections of operating regulation and network process for updates about security
(Axelrod, Bayuk & Schutzer, 2009).
4. Undertaking the audit process for initiating the safety and security measures and strategies
(Harkins, 2012).
5. Customize information access according to necessity and rules
6. Maintaining the standard security information policy, services, and procedure (Harkins,
2012).
The above are the responsibilities of each and every IT security professional,
depending on the role they are required to fulfil. Carrying such high responsibility can be
referred to as a scaling job (Jacobs, 2015). One needs to keep up to date with advanced skills and
knowledge, along with working within the team towards attaining sound information
security (Kim & Solomon, 2010). The skills required by IT professionals are also analyzed,
and they are listed below:
Skills required for IT security professionals:
1. IT security professionals are expected to be strategists in order to
protect infrastructure, networks and computer systems (Kim & Solomon, 2010).
It is also important that they are aware of evolving security controls and measures
and are able to implement them in the company (Kim & Solomon, 2010).
Besides that, IT security professionals need to be strategic enough
to judge the before and after results of a security measure (Kim & Solomon,
2010).
2. IT security professionals need adequate management and communication
skills to ensure effective coordination with clients and the team (Axelrod,
Bayuk & Schutzer, 2009). He or she is required to communicate with the organization's
professionals in IT terms (Kim & Solomon, 2010). Similarly, when handling
the client, the measures and principles of security should be taught clearly within the
organization (Kim & Solomon, 2010).
3. IT security professionals are also expected to stay technically competent. It
is important that they continually re-skill and hold advanced technology skills
so that they are capable of grasping technical security issues immediately and solving them
(Kouns & Minoli, 2011). These are a few of the significant skills needed by IT security
professionals.
Whether the governance structures and policies reflect regulatory requirements
IT security governance is the system through which companies direct and
control IT security, a definition adopted from ISO 38500 (Kouns & Minoli, 2011).
IT security governance should not be confused with IT security management
(Axelrod, Bayuk & Schutzer, 2009). IT security management is concerned with
making decisions to mitigate risks, whereas governance determines who is authorized
to make decisions (Kouns & Minoli, 2011). Governance specifies the accountability
framework and provides oversight to ensure that risks are mitigated
adequately, while management ensures that controls are implemented to
reduce risk (Peltier, 2005). Management recommends security strategies. Governance
ensures that security strategies are aligned with business objectives and
regulations (Peltier, 2005).
NIST describes IT governance as the process of establishing and
maintaining a framework to provide assurance that IT security strategies are aligned
with business objectives, are consistent with relevant laws and
regulations through adherence to policies and internal controls, and assign responsibility for
managing risk (Calabrese, 2004). There are many laws and regulations, a few of them
specific to particular industries, that can affect information technology (Axelrod, Bayuk
& Schutzer, 2009). Each company should identify the regulations that affect it
and respond accordingly, and make sure that the roles and
responsibilities for analyzing legal and regulatory matters are defined correctly for
every stakeholder group, so that every group can apply its particular expertise
efficiently (Axelrod, Bayuk & Schutzer, 2009).
The current increase in regulations that affect IT use is due to various factors,
such as laws for protecting information and its potential for misuse in electronic
form; the increase in the use of computer systems and networks for criminal activities,
including hacking, viruses, pornography and money laundering (Solms & Solms,
2008); and the increase in contractual relationships for IT products and services,
such as product licenses, outsourcing and managed services (Solms & Solms, 2008). The factors also
include the increase in various types of electronic media and the potential for misusing
valuable information assets, which results in intellectual property and copyright
problems for both users and vendors (Axelrod, Bayuk & Schutzer, 2009).
How the organization addresses and mitigates risk
In a fast-paced international economy that relies largely on information,
ensuring the security of IT assets is paramount (Peltier, 2008). According to
current research by CompTIA, around 28% of businesses at present list security
as an important factor, and this number is expected to improve in the coming two
years (Peltier, 2008). The study also claims that various organizations that believe they are
secure enough are potentially vulnerable to critical security threats that emerge with new
technologies (Peltier, 2008). These growing threats are pushing businesses to adopt new
methods for examining changing security needs.
In a survey conducted by Gartner, research shows that the mobile
rules for most of the organizations (Peltier, 2008).
Keep system updated
Most system failures happen due to the lack of the right patch. A few statistics
from researchers reveal interesting facts about similar vulnerabilities faced by
companies (Peltier, 2016). In case companies support BYOD and then also control over
performing standard maintenance, the issues usually get worse, as they invite
attack sources without having any prevention (Axelrod, Bayuk & Schutzer, 2009). To avoid
the risk, it is important to ensure that systems are kept updated, including the company's
servers, laptops, desktops and mobile devices (Peltier, 2016). Small mobile
devices come with different operating systems and firmware (Axelrod, Bayuk &
Schutzer, 2009). Considering this, companies are expected to allow mobile devices
to be patched so that they are properly maintained (Peltier, 2016).
Undertake governance review as well as assessment of mobile security
Review and assessment of governance are necessary for defining and
measuring the operational efficiency of IT operations and identifying the gaps that need to be
fixed (Stamp, 2011). Well-known research organizations like OWASP and Gartner provide
security matrices for performing security assessments and determining the maturity level of
an organization's IT security (Tipton & Krause, 2009). The well-known IT Score
assessment matrix from Gartner supports companies in exploring risk
and in measuring and analyzing the maturity of a business's mobile security program (Axelrod,
Bayuk & Schutzer, 2009). For instance, in a spider chart, one plot
indicates the present score of the company, whereas another shows the ideal score
of an organization (Tipton & Krause, 2009).
Cyberwarfare
It is suggested that the correct application of intrusion prevention and intrusion
detection systems along with firewalls is the primary response (Axelrod, Bayuk & Schutzer,
2009). By undertaking real-time analysis of network traffic, such as investigating
and including security threats, individual companies can detect less sophisticated
attacks at the user level (Tipton & Krause, 2009). Large organizations are advised to
be aware of network security and vulnerabilities, and they are also expected to work
towards securing advanced threat protection platforms for better
endpoint and server protection (Tipton & Krause, 2009). Regarding
cyber-attacks on governments, the main line of defense is to form a common front
against cyber attackers (Axelrod, Bayuk & Schutzer, 2009). There is no better time for
opening dialogue and collaboration among government agencies and
industries to take action against cyberwarfare (Tipton & Krause, 2009). It is suggested
that attacks that go massive across interconnected systems could be disclosed readily by
comparing information and creating joint task forces (Axelrod, Bayuk & Schutzer,
2009). Detection and protection are not enough to stop the attackers every time, but they
can inhibit future as well as common threats (Tipton & Krause, 2009).
Espionage
Individuals and organizations might adopt bring your own device (BYOD), which looks like
an inexpensive solution but can create certain issues (Vacca, 2017). If one supports
BYOD, it is suggested that management and maintenance be enforced
(Vacca, 2017). It is also crucial to make sure that a device control
mechanism safeguards against leakage of information (Axelrod, Bayuk & Schutzer,
2009). Such a mechanism permits USB devices to be inserted, but it also encrypts the
information (Vacca, 2017). When the information is later used on another system in
the organizational environment, the information is encrypted automatically
and can then be decrypted; when it is copied to a system that has no device
control mechanism, it is of no use (Wheeler, 2011).
It is also recommended to protect critical infrastructure by separating the
intellectual property network from the corporate network and allowing access
to that network only to individuals who require it (Javidi, 2006). But it is also crucial to
do more than that: deciding and documenting who is permitted to work on the network,
including physical access to the location, and analyzing and determining the network
requirements (Javidi, 2006).
Possible improvements/impacts of internal changes/external factors on the 2-3 year
horizon
To reduce interruption of service due to hardware failure, natural disaster
or other catastrophes, Google implements a disaster
recovery program at every data center (Basin, Schaller & Schläpfer, 2011). This program covers
several elements for reducing the risk of a single point of failure, including
the replication and backup of data (Basin, Schaller & Schläpfer, 2011). For backup and
data replication, Google's application data is replicated across multiple systems
within a data center and, in particular cases, to centers in different cities
(Basin, Schaller & Schläpfer, 2011).
Google operates a geographically distributed set of data centers, which are
designed to maintain continuity of service during disaster events or other
incidents in an individual region (Basin, Schaller & Schläpfer, 2011). High-speed
connections among the data centers support failover. Management of the data centers is also
distributed to provide location-independent system administration (Basin, Schaller & Schläpfer,
2011). Along with data redundancy and regionally disparate data centers, Google
maintains a business continuity plan for its headquarters (Axelrod, Bayuk & Schutzer,
2009). The plan accounts for key disasters such as a seismic event or a public
health crisis, and it assumes that both services and people might not be available for