Login Signup
Verified Document

Security Implementation Of Capstone Project

Related Topics:
Computer Security Security Principles Biometrics Information Assurance
Open Document Cite Document

Information System Security Plan The information security system is required to ensure the security of the business process and make the confidential data of the organization secure. The organization's management is required to analyze the appropriate system to be implemented and evaluate the service provided on the basis of their required needs. The implementation of the system requires the compliance of organizational policies with the service provider to ensure the maximum efficiency of the system. The continuous update and maintenance of the system is required to ensure the invulnerability of the system towards the potential internal and external threats.

Data Security Manager and Coordinator

Develop Plan

Implement Plan

Employees Training

Test Safeguards

Evaluate Service Providers

Internal Risks

Change Passwords Periodically

Restricted access to personal information

Safeguard paper records

Report unauthorized use of customer information

Terminated Employees 1

3. External Risks 1

3.1 Firewall Protection 1

3.2 Data Encryption 1

3.3 Secure user authentication profiles 1

3.4 Secure access control measures 1

4. External Threats 1

4.1 DOS Attacks 1

4.2 Adware/Spyware 1

5. Data Protection 1

5.1 Backups 1

5.2 Updated Software 1

5.3 Complex Passwords 1

5.4 Protect Equipment 1

5.5 Regular Maintenance 1

Conclusion 1

REFERENCES 1

Introduction

The unpredictable and fragile environment of corporate industry has caused the extreme requirement to equip the business mechanisms and processes to be secured with the use of information security systems. These systems are required to make the work and communication procedures efficient and secure for the businesses and their clients so that the latest advancements in information technology can be fully utilized.

The effective information security system can be equipped in the business processes with the condition in which these systems are planned carefully in order for successful implementation and desired outcomes. An effective security plan is required to be developed which will not only provide the businesses with the efficiency in business processes and business transactions but the competitive security advantage will be provided to the company in order to make their business and customer related information safe (Dhillon & Backhouse 2000).

The current study is aimed to provide a comprehensive security plan in order to construct safeguards with respect to technical, physical and administrative practices so that the confidential and personal information of clients and employees can be kept safe.

1. Data Security Manager and Coordinator

The data security coordinator in an organization is responsible to coordinate the importance of the security system and security measures to all the employees in the organization. The coordinator is also liable to monitor if the employees are taking suggestive measures and operating the security system effectively (Whitman & Mattord, 2011).

1.1 Develop Plan

The plan with respect to the information security should be developed by the information security executive or manager. According to Whitman and Mattord (2011), the security manager has to develop the systematic organizational goals and objectives that should be addressed by the proposed security plan and should be in compliance with the organizational processes. Furthermore, the plan should be developed with respect to the allocated budget by the organization for the system development. Moreover, the appropriate processes should be developed in order to monitor the employees' practices in order to do the proper utilization of the system and specific procedures should also be generated to observe the efficiency of the security system. The system security should be prioritized with respect to the importance of business procedures and the important procedures and data should be categorized as most confidential so that the data can be made accessible to the authorized users only.

1.2 Implement Plan

The implementation of the security system takes place when the service providers for the security system are analyzed. The objective data and metrics are developed in order to rate the service providers and the best service providers in terms of cost efficiency, the degree to which the proposed system is compliant with organizational processes and service quality is selected. The agreement between the service provider and organization takes place and implementation process takes place. The effective implementation of the plan takes place when the policies and guidelines are deployed at the organizational level so that employees should follow in a strict manner in order to ensure the security of the system that is proposed for the security plan. The security manager then identifies the gap with the help of his security management group in order to observe the extent at which the organization's employees lack in order to follow the proposed...

Parts of this document are hidden

View Full Document
svg-one

The employees who need training should be segmented on the basis of their knowledge and department so that the effective means of training can be adapted in order to ensure the maximum learning by the employees. The departments and employees of the organization should be segmented with respect to the employees' contribution and liability in the organization. The employees should be informed about the benefits of the security plan so that the employees show proactive behavior towards the learning and implementing of the program. Furthermore, the trainers are required to be hired or outsourced to provide the employees with the training related to the operationalization of the security system (Whitman & Mattord, 2011).
1.4 Test Safeguards

The extent to which the security system tends to be safe should be analyzed by keen observation and assessment with the help of conducting the internal audits. The vulnerability of the system is assessed in which the system configuration and system scan takes place in order to analyze the adherence of the system towards the misconfiguration and process weaknesses. Moreover, it should be observed that how the employees are using the suggested practices in order to gain the optimum benefits of the system and continuous internal and external audit should take place to analyze the potential threats that can create bugs in the implemented system. The quantitative analysis should be used in order to keep track of the number of times the security system creates glitches so that the system vulnerability can be identified (Jain et al., 2006).

1.5 Evaluate Service Providers

The performance of the service provider with respect to the implemented security system is evaluated in order to find out if the system is achieving its desired objectives. Therefore, the compliance between system security manager and departmental heads is necessary in order to find out if the system has been proven vulnerable or not and if the system is able to provide optimum results. The organization can conduct survey in order to find if employees and customers are satisfied with the application and installation of new system. According to Jain et al., 2006, the metrics and statistical data based on the performance of the security service will tell the efficiency and effectiveness of the security system. The security manager should ensure that the service provider has been in compliance with the company and is refrained to neglect any aspect of the organizational policy. However, the evaluation of the system can be done with the help of the evaluation process conducted in special laboratories in order to assess the compliance of the security system with the organizational requirements. These process include Nationa-Information-Assurance-Partnership (NIAP) and Cryptographic-Module-Validation-Program (CMVP).

2. Internal Risks

The security system that is being implemented should be able to address the internal risks that may threaten the confidential information of the organization and can cause the misuse of client and business data. The potential internal risks are discussed below:

2.1 Change Passwords Periodically

The employees often change their passwords which threaten the confidentiality of the organizational information. Moreover, when employees use complex passwords then they need to memorize those passwords every time they change it. It becomes difficult for employees to create complex passwords periodically and remember them. They cannot use the previous password alternatively because if any of those passwords are encrypted then unauthorized user will get unlimited access (Tipton & Krause, 2003).

2.2 Restricted access to personal information

The personal information related to clients and the exchange of data and information from clients to the organization should be restricted from the certain level of employees and the accessibility of that data should be refrained from the internal employees and users with the help of making secured VPN and it should be ensured that only specific users can access that data. The access to such data can be limited by making Layer-3 firewall to help control the client traffic in order to deny and restrict the access. Moreover, the information should be encrypted in such that only authorized people can utilize it (Kaufman et al.,2002).

2.3 Safeguard paper records

The paper records that mainly consist of transactions, agreements and policies should be encrypted properly in order to encode the papers in such way so that only authorized personnel can read it.

2.4 Report unauthorized use of customer information

The policy guidelines of the organization should provide the proper reporting with respect to the reporting of unauthorized use. Kaufman et al.,(2002) implies that direct guidelines should be made that tells employees whom to report immediately if they find that the customer information is being used by someone who is…

Continue Reading...
Sources used in this document:
REFERENCES

Baskerville, R., & Siponen, M. (2002).An information security meta-policy for emergent organizations.Logistics Information Management, 15(5/6), 337-346.

Dlamini, M.T., Eloff, J.H., & Eloff, M.M. (2009). Information security: The moving target. Computers & Security, 28(3), 189-198.

Dhillon, G., & Backhouse, J. (2000). Technical opinion: Information system security management in the new millennium. Communications of the ACM, 43(7), 125-128.

Jain, A.K., Ross, A., & Pankanti, S. (2006). Biometrics: a tool for information security. Information Forensics and Security, IEEE Transactions on, 1(2), 125-143.
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security Implementation of Microsoft Windows
Words: 1851 Length: 6 Document Type: Research Proposal

Window Security Implementation Scenario NextGard Technologies specializes in the network consulting services for small, medium and large organizations inside and outside the United States. Currently, NextGard has approximately 250,000 employees in 5 countries and the company corporate headquarter is located at Phoenix, AZ. However, the company decides to secure and upgrade its current network to enhance organization efficiencies. Currently, the company has 5 district offices at the following locations: New York City, New

Read More
Essay
Security Implementation
Words: 617 Length: 2 Document Type: Business Proposal

Room With a View Enterprise Risk Assessment The principle risk associated with the Data Security Coordinator and his or her role in the security plan is in properly training employees and selecting the proper service providers. Additionally, it is necessary to continually monitor and evaluate the progress of service providers to ensure that they are compliant with both enterprise and industry standards. Internally it is necessary to ensure that there is

Read More
Essay
Information Technology IT Security Implementation
Words: 3195 Length: 10 Document Type: Term Paper

Computer IT Security Implementation Provide a summary of the actual development of your project. Because small corporations have to work under conditions of conflicting information technology in many instances, the requirement of maintaining these systems details entails far too many time-consuming processes that have to be carried out. This allows for the business to work in a logical order and promotes a more logical approach to the making of business decisions. The end

Read More
Essay
Security Information Is the Power. The Importance
Words: 5012 Length: 15 Document Type: Term Paper

Security Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields

Read More
Essay
Security Issues and Features of
Words: 975 Length: 4 Document Type: Annotated Bibliography

The authors have expertise with Oracle databases and use examples from the enterprise products this software vendor provides to make their point regarding security of highly distributed networks. One of the more valuable aspects of this specific paper is the focus on how to create a multilevel secure environment in an enterprise. The authors have done enterprise-level database security work in their careers and this article and research communicate

Read More
Essay
Implementing Security
Words: 433 Length: 2 Document Type: Research Paper

Security Implementation Identity Management and Security Awareness Training Plan Strategy all departments. Duration and frequency: three sessions of one hour each. Technology developments that are used in permanently updating the company's security features must be communicated to employees. Update training sessions of two hours must be performed every three months in order to keep up with technology improvements. The training program must inform employees on the company's security guidelines. The administrative, technical, or physical

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now