Security Report: System Security Management in Organizations

Verified

Added on 2022/08/14

AI Summary

This report examines system security management, emphasizing the importance of cybersecurity in protecting IT assets, data, and customer information. It highlights the use of various security systems, including identification and authorization methods, authentication, firewalls, and international standards like ISO 27001. The report discusses the role of Windows ACLs, information systems, and the need for regular updates and vulnerability management. It also addresses the impact of cloud computing, IoT devices, and data breaches, emphasizing the significance of security policies, risk assessment, and employee training. The report concludes by advocating for the implementation of comprehensive security measures, including VPNs, DMZs, and IT service management systems, to safeguard data and information within organizations. It also highlights the importance of employee education and the use of antivirus and firewalls.

2/7/2020
Running Head: SECURITY 0
Security
Report
Student name

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SECURITY 1
System Security Management
Firms are utilising security systems for protecting their IT-assets including
information and data of their business as well as customers. In addition, cybersecurity is
critical for securing entire processes and assets of an organization (Andrijcic & Horowitz,
2016). It is necessary to use proper systems for identification and authorization of identities.
Moreover, authentication can be used for bringing security controls in an organization.
Biometric authentication can be better for the security of the network.
An organization must use firewalls for protecting its assets from cyber-attacks and
cybercrimes (Bendovschi, 2015). In addition, many firms have used international standards
for managing all the functions. It will provide better security and privacy to the system as
well. Besides, cloud computing has used for managing all the business processes (Chen &
Zhao, 2012). ISO 27001 is a good standard for managing the security and vulnerabilities of a
network (Cobb, 2010). Many firms have considered Windows ACLs for managing all the
things in their infrastructure (Datameer, 2018). Without ACLs, it is not possible to get
permissions in the Windows. It helps in improving the file and making changes as per the
demand of the individuals. However ACLs needs to be dealt properly so that privacy can be
managed in the computers.
Moreover, the information system has used for managing all the processes. However,
it has required a high level of security from various types of issues (Fisch & White, 2017).
Most of the processes have used IDS systems and firewalls to protect entire connections in
the firm. In addition, all the computer systems must update through the latest patches, which
are providing by Microsoft. The operating system must secure from different types of issues
and challenges using the latest patches. In addition, an organization should compile their
vulnerabilities to reduce risks and threats as well (Humphreys, 2008).
Various kinds of security threats can occur because of vulnerabilities in the systems,
such as poor security, lack of firewalls, ACLs, and many more (Jansen, 2011). Many of the
modern day firms have utilised cloud computing for managing their works. Thus, security
policies and security systems must be used for protecting information and data from any
kinds of attacks through internet mediums (Klemash, 2018).
In addition, IoT devices has been utilised in various processes. Thus, it is necessary to
secure them using physical and technical security systems (Lin, et al., 2017). Moreover,

SECURITY 2
privacy is necessary for an organization related to data and information on business and
customers (Pearson, 2013). Besides, data breaches have affected the financial and reputation
status of an organization.
Furthermore, Windows systems can be managed using proper security applications,
which will monitor the network and server of an organization. In addition, an organization
should analyse all the vulnerabilities using risk assessment. The organization can use an
information security system for reducing all the vulnerabilities and threats (Peltier, 2016). In
addition, a basic security system should be used for securing all the devices in the network, as
hackers have used vulneraries to access the whole system (Soomro, Shah, & Ahmed, 2016).
In addition, most of the processes can be managed using security systems. Thus, the
organization must include secure systems and networks to secure their data and information
(Warren, 2011). In addition, basic processes can be used for security, such as training and
education, security plans, and incident management. A secure network is necessary for the
security of an organization as well as VPN and DMZ can be used for the security of the
network. Most of the organization has implemented international frameworks for managing
IT services, such as COBIT, PRINCE2, ITIL, ISO 27001, ISO 31000, and many others.
Employees must know about the various issues of computer systems and networks. It will
provide better security and privacy (Cobb, 2010).
Phishing is a common incident in an organization, which has happened because of a
lack of knowledge. Therefore, all the staff members must know about the rules and
regulations for using computer systems. Moreover, server monitoring systems can be used for
security and privacy of information in the organization (Lin, et al., 2017).
Most of the processes can be monitored using network monitoring software, which
will provide information about suspicious activities in the network as well. The organization
must implement security policies for all staff members. Viruses are a huge threat to the
organization. Many firms have included IT-service management systems to protect their data
and information. In addition to this, business processes might be handled utilising basic
services as well as emerging technologies. In addition, the firm should implement access
control policies to protect their infrastructure. Besides, most of the firms have used internal
processes to manage their security, such as VPN and DMZ.
In conclusion, the organization should develop and implement security policies to
secure their IT assess including data and information. Moreover, basic processes can be

SECURITY 3
managed using a framework as well. Security management system should be implement in
the organization for cybersecurity as well.
Moreover, basic services might be managed utilising antivirus as well as firewalls in
each workstation. Moreover, basic skills should be developed in employees to avoid security
issues and challenges. Entire workforce need to be trained on regular basis.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SECURITY 4
References
Andrijcic, E., & Horowitz, B. (2016). A Macro‐Economic Framework for Evaluation of
Cyber Security Risks Related to Protection of Intellectual Property. Risk analysis,
26(4), 907-923.
Bendovschi, A. (2015). Cyber-attacks–trends, patterns and security countermeasures.
Procedia Economics and Finance, 28, 24-31.
Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing.
International Conference on Computer Science and Electronics Engineering, 1(1),
647-651.
Cobb, M. (2010). ISO 27001 SoA: Creating an information security policy document.
Retrieved November 25, 2019, from https://www.computerweekly.com/tip/ISO-
27001-SoA-Creating-an-information-security-policy-document
Datameer. (2018). Challenges to Cyber Security & How Big Data Analytics Can Help.
Retrieved May 3, 2019, from https://www.datameer.com/blog/challenges-to-cyber-
security-and-how-big-data-analytics-can-help/
Fisch, E., & White, G. (2017). Computer system and network security (1st ed.). London: CRC
press.
Humphreys, E. (2008). Information security management standards: Compliance, governance
and risk management. information security technical report, 13(4), 247-255.
Jansen, W. (2011). Cloud hooks: Security and privacy issues in cloud computing. In 2011
44th Hawaii International Conference on System Sciences (pp. 1-10). Hawaii: IEEE.
Klemash, S. (2018, July 17). As cybersecurity threats grow, boards examine the options for
overseeing the risks. Retrieved from https://www.ey.com:
https://www.ey.com/en_gl/board-matters/how-boards-can-prepare-for-the-next-
cybersecurity-threat
Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., & Zhao, W. (2017). A survey on internet of
things: Architecture, enabling technologies, security and privacy, and applications.
IEEE Internet of Things Journal, 4(5), 1125-1142.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security
for Cloud Computing (1 ed.). London: Springer.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 215-225.

SECURITY 5
Warren, E. (2011). Legal, Ethical, and Professional Issues in Information Security. Retrieved
from cengage:
https://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf