Information System Security: Tools, Techniques, and COBIT Framework


Added on  2022/08/01

AI Summary
This report delves into the critical aspects of information system security, exploring the tools and technologies employed to safeguard information resources. It begins by examining essential security measures such as firewalls, encryption, authentication, and endpoint protection, highlighting their roles in mitigating various threats. The report then transitions to the COBIT framework, a crucial tool for IT governance and management. It dissects the four key domains of COBIT: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Each domain's strategic importance and management questions are thoroughly analyzed. Furthermore, the report outlines the benefits of adopting the COBIT framework, emphasizing its role in risk management, operational excellence, cost optimization, and regulatory compliance. By providing a comprehensive overview of these security measures and the COBIT framework, the report offers valuable insights into protecting information resources in today's dynamic technological landscape.
Information System Security 1
INFORMATION SYSTEM SECURITY
Student’s Name
Institutional Affiliation
Date
4) Tools and Technologies for Protecting Information Resources
The world is dynamic, changing from one way of doing things to another.
Traditionally, most organizations kept their documents manually, and daily activities were
similarly done manually. Over the years, with the advance of technology, most activities in
most organizations have been automated. Day-to-day activities are run by information systems
that manage the resources of an organization instead of being done manually. This has led to a
problem: these systems face many threats that look for vulnerabilities through which to attack
them. The administrators of these systems, however, have to keep them safe, and they employ
different technologies and tools to promote the security of these systems. This case study
covers the various tools and techniques that are implemented to ensure that all the resources
are safe.
A firewall is a tool that is used in most organizations to prevent unknown and unauthorized
users from accessing private networks that are connected to the internet. It is set up
between the internal computers and the internet, and this set up determines who is allowed to
view the files on the internal network. The security administrators use the set up to give
those on the internet access to the computers. Even if they are given access, the
firewall restricts them from modifying the files. Firewalls can be hardware, software, or both.
Firewall tools monitor the incoming and outgoing signals, and the set up may allow or block the
traffic depending on the restrictions put in place by security administrators. The firewall tool
resides in the operating system of a single computer and at a central point, such as a server of a
centralized network (Mayer et al., 2019).
Encryption is another technology that provides security to information resources.
Encryption is a process of putting a message in a format that can only be interpreted by the
authorized receiver. The sender of the message uses a key which determines how the message
would be interpreted by the receiver. Whenever the message falls into unauthorized hands, it
does not make sense to them. The sender shares the decryption key, which is used to decode the
message. Data stored in a computer system is kept in an encrypted format so that it is secure,
since no one can understand its meaning until it is decrypted using a secret key.
Similarly, authentication also enhances the security of the firm's information resources.
Authentication is a technical method of ensuring and promoting the safety of a computer system.
Whenever a person wants to access individual files or information resources, he/she must be
authenticated. Authentication is a process of proving that someone is really the one that he
claims to be (Barton and Tejay, 2016). This technology is commonly used even in our day-to-day
activities. One uses what he/she is to prove identity. Biometric technologies perform
authentication by checking people's traits, such as fingerprints. The use of smartcards
is another way of authentication (He and Johnson, 2012). The most common form of authentication
is the use of passwords, which prove identity before anyone is authorized to access any
information in the system.
However, when it comes to security issues, endpoint protection tools serve this role
arguably well. Most organizations employ these technologies and tools to protect their
information resources from various threats. Endpoint protection secures a TCP/IP network by
monitoring access by devices such as computers. The security features of endpoint protection
include activity monitoring, malware threat detection, and data encryption. Kaspersky is an
example of a trusted malware threat protection product that has many users globally (Nazareth
and Choi, 2015).
In conclusion, the value of information has risen to greater heights, expanding the number
of threats to the systems. Network and security administrators, therefore, have to be more
careful. The number of risks increases daily due to the daily growth of technology; in this regard,
network and security administrators must ensure that their tools and mechanisms are up to date.
Some security tools and techniques have been discussed in detail; such tools and technologies
include authentication, endpoint protection, encryption, and the use of firewalls.
5a) Domains That Make Up the COBIT Framework
Control Objectives for Information and Related Technologies (COBIT) is a tool for
management and governance using information technology skills. COBIT allows clear
policies and better practices for I.T. to be developed that control the
entire organization. The case study will discuss the four domains of
COBIT and why it is essential.
The first COBIT domain is Plan and Organize (P.O.). In this domain, strategy and
tactics are covered. This shows the positive effects of I.T. that help a business to improve and
to achieve its goals and objectives. Strategic plans in a company need to be planned, with the
vision clearly stated, communicated, and managed for the realization of business objectives
(Watters and Keane, 2013). Technological infrastructure and proper organization are put in place
by this Domain. The Domain addresses managerial questions such as: Who does not understand
the I.T. objectives in the organization? Are I.T. and business strategy aligned? Is the value
of I.T. suitable for business objectives?
Acquire and Implement (A.I.) is the second Domain of COBIT. To realize the I.T.
strategy, I.T. solutions need to be identified, obtained and developed, together with
their implementation and integration into the business process. However, “maintenance and roll out
of systems in place are explained by this Domain to ensure the solutions will continue to
meet objectives of the business” (Van Grembergen, 2013). The following
management questions are asked in this domain: When implemented, do the
new systems seem to work well? Will the new projects be appropriately
implemented within the budget and on time? Will new projects bring
solutions that fit the business need?
The third Domain of COBIT is Deliver and Support. The Domain
concentrates on delivering required services. The activities in this Domain
include the following: delivery of service, user service support, management
of data, security management and development, and operational facilities
management (Barton, Tejay, Lane and Terrell, 2016). The following are the
management questions that this Domain asks: Are there adequate
confidentiality, integrity, and availability in place? Are I.T. services made
available in line with business objectives? Do staff have the skills to work with I.T.
systems smoothly and safely? Does I.T. have optimum costs?
The fourth and final COBIT domain is Monitor and Evaluate (M.E.). I.T.
processes are assessed regularly over time for both their
quality and their compliance with control requirements (Norman and Yasin, 2012). The main
activities of this Domain include internal control and monitoring,
performance management, providing governance, and regulatory
compliance. Typically, the following management questions are asked in this
Domain: Do I.T. performance and business goals link? Is it possible to
measure and report risk, control and compliance? Can I.T. adverse effects be
controlled before it is too late? Is internal control efficient and valid according
to management?
5b) Benefits of Adopting COBIT Framework
COBIT, as discussed earlier, has vast benefits for workers and for
the organization. Below are the benefits of COBIT to the organizations
adopting it:
It keeps and maintains I.T.-related risks at low and acceptable levels.
The organization achieves excellence at the operational level through efficient and reliable technology.
COBIT optimizes the cost of I.T. services and technology.
Organizations maintain information of high quality to guide them in decision making.
Organizations adopting COBIT support compliance with laws, regulations, contract bindings and policies (De Haes, Van Grembergen and Debreceny, 2013).
With those significant benefits of the COBIT framework, most
organizations have continued to enjoy those advantages over the years (Breier
and Hudec, 2012). The advance of technology also allows COBIT to grow,
increasing the benefits to the organizations.
References
Barton, K.A., Tejay, G., Lane, M. and Terrell, S., 2016. Information system security
commitment: A study of external influences on senior management. Computers & Security, 59,
pp.9-25.
Breier, J. and Hudec, L., 2012, October. New approach in information system security
evaluation. In 2012 IEEE First AESS European Conference on Satellite Telecommunications
(ESTEL) (pp. 1-6). IEEE.
De Haes, S., Van Grembergen, W. and Debreceny, R.S., 2013. COBIT 5 and enterprise
governance of information technology: Building blocks and research opportunities. Journal of
Information Systems, 27(1), pp.307-324.
He, Y. and Johnson, C.W., 2012. Generic security cases for information system security in
healthcare systems.
Mangalaraj, G., Singh, A. and Taneja, A., 2014. I.T. governance frameworks and COBIT-a
literature review.
Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E. and Wieringa, R., 2019. An
integrated conceptual model for information system security risk management supported by
enterprise architecture management. Software & Systems Modeling, 18(3), pp.2285-2312.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management, 52(1), pp.123-134.
Norman, A.A. and Yasin, N.M., 2012, July. Information systems security management (ISSM)
success factor: Retrospection from the scholars. In European Conference on Information
Warfare and Security (p. 339).
Watters, J.P. and Keane, M., iSIGHT Partners Inc, 2013. Information system security based on
threat vectors. U.S. Patent 8,438,644.