IT Management essay help on: Information security

IT Management essay help on: Information security

1. INTRODUCTION:

Assignment Expert Australia

Information security has been referred to as a type of security for the information that consist the tasks. Information which is currently being used within the organization & can be of some use for some other person shall be secured. Some of the information which shall be secured refers to the employee data account, project data etc. Such type of information shall be secured form the outsiders who might misuse the same.  The report has been formulated to explain the different types of threats which might affect the functioning within the enterprise. The report has been designed in order to explain the various threats & their types, the adverse effect of the threat which might hamper the growth of the organization. This report also keeps in mind i.e. what are the security measures, plans that have to be taken into consideration while keeping in mind the information security of the organisation as well as development of the information security education which would provide different types of awareness programme for the management, staffs members, contractors, etc.

2. OBJECTIVE:

                  The main objective with which this report has been formulated is to find out the different types of threats of information security which might occur within the enterprise. It shall be kept in mind that, the information within the organization shall be kept safe & secure. In order to do the same, various training programs shall be done which would help the members within the enterprise to take a step forward so as to keep high levels of information security of the organisation

3. Scope:

        The scope of the information security is to keep all the Information’s safe and secure from the threats within the organisation. This will help the organization to survive in a safe environment without having fear of attacks from the person who want to misuse the important information of the organisation and affect the overall organisation by leaking, corrupting or hacking the files or documents of organisation.

4. Identification and description of organisation holdings that may be at risk:

Organization refers to the combination of employees, employee information, assets & other useful things. Therefore, anything which combines to form an enterprise would be referred to be unsafe. It must be well stated that, without a proper security plan the following things shall be covered under the risk holding category. It is as follows:

Þ    Physical holding at risk

Þ    Human holding at risk

Þ    Electronic holding at risk

4.1 Physical holding at risk-:

Buy Assignment Australia                                  Physical holding at risk would be defined as the things which are able to touch and are not safe in the organisation from the unauthorised people or group of people either belonging within or outside the enterprise. Some of the physical holdings consist of the following such as manpower, machinery, files, organisation assets, furniture, decorative items, etc. All these things come under the risk category of physical holdings. Physical holding at risk has been defined as the information that is being attached in the file or the data which is the form that can be touched comes under the category of physical holding at risk.

4.2 Human holding at risk:

                             Human holding at risk consist of all those things that are related to only the humans working within the organisation such as the bags, personal things of the employees such as watches, wallets, phone etc. Therefore, it can be stated that things related to humans & which are personally related to them only comes under the category human holding at risk.

         In terms of information, the human holding at risk can be defined as the pivotal information of the human within the organisation that is not safe from any unauthorized person within the organisation. Hence, such type of information which is personally related people within an enterprise would be categorized under the sub heading human holdings at risk (John E. Canavan 2001)

4.3 Electronic holdings at risk:Essay Writing Tutor Sydney                                The last type of risk refers to the electronic holdings at risk under which risks from the various electronic gadgets   have been comprised. This category of risk mainly comprises of risk from the electric holdings such as computers, printers, fax machines, phone attendance punching machine, etc. Electronic items which are being used within the enterprise are used in order to simplify as well as increase the levels of effectiveness & efficiency within the same. When defined in terms of information, electronic holding risk would be defined as the information which can be accessed electronically within the enterprise & will help in the up gradation of data within the organization. Some of the electronic holdings which can be accessed are mails, fax, electronic networks, transfer of the data files, etc.

          The three types of holdings listed above would provide threats in the long run within the enterprise. These threats can be categorized as follows i.e. physical threats, human threats & electronic threats.

5. Identification and description of actual and physical threat to be organisation information holding are as:

5.1 Physical Threat:Assignment Help Australia                       Physical threat is a type of threat which occurs within the enterprise by the human beings such as unauthorised people or group of people which might misuse the information and in turn affect the overall functioning of the organization.

Physical threat harms each type of resource within the organisation. For example, if we talk about the physical threat over the physical holdings then we can say that the unauthorized person harms the physical holding by stealing them from the organisation or by breaking those things in the organisation. It must be seen that, the unauthorized people will steal the data files or any other relevant information, ear off the pages from the employee record books, etc (Joseph Migga Kizza, 2012). Some of the other type of physical threat which may be occurred on the physical holding of the organisation would be by breaking the furniture, not maintaining the office structure, maintaining the decoration of the organisation, etc. Not abiding by the same will affect the things which would harm the employee as well as the other staff members within the same (John E. Canavan, 2001).

           Looking into the definition of the physical threat over human holdings, it would refer to the fact that the human personal things and information is not safe physically. In the same way if we define physical threats in terms of electronic holding then we can say that it might harm the electronic information within the organisation which could be accessed using the various electronic devices such as computer (electronic mail, electronic card), fax machine, etc.

5.2 Human threats:

                              Human threats refer to the type of threats which would occur by the human in order to harm the functioning of the enterprise. Some of the threats which might occur will be terms of passwords, security codes, data stored, and confidential information stored within the various folders over the desktop. The data of organisation to the unauthorized group or the competitors who always want to access the information of the organisation and the main points comes under the human threat. Hacking done by either an insider or the outsider to use the relevant information refers to one of the major example of human threats within an organization (Warchalking, Spyware, Kerberos & Ip, 2012).Essay Writing Tutor Sydney   Keeping in mind the human threats on the human holding then we simply say that the threats occurred by the human on the other human being or on his or her things that are personally related to it (Zalewski, 2005). The human threats on the electronic holding then we can say that the threats or harm occurred by the human on the electronic things of the organisation either that were electronic devices or the information accessed by those devices. It considers the harm of the electronic things such as stealing or breaking the electronic devices of the organisation by the human beings who want to harm the organisation by doing these kinds of activities. And other human threats that involved in these electronic holding is to access the electronic mail from the server of the organisation in order to misuse the mail information of the organisation or in order to provide that information to other competitive person or organisation, human threats on electronic holding also occurred in the sense that accessed the files on the network at the time when they are transferring from one place to another from the organisation, or decode the coded information of the organisation. In this way the human threat occurs or affects the various holdings within the organisation.

5.3 Electronic threat:

   The electronic threat refer to the harm that are occurred by electronically towards the information of the organisation such as the employee of the organisation is transferring or sending the file over the network but immediately at that time the electricity Has gone and the information of file become unsafe or not reached near the person or organisation to whom the information have to be sent. Therefore, this type of threat within the enterprise comes under the electronic threat.

       Electronic threat affect on the physical holding defines as the harm occurred in the organisation by electronic devices or media to the physical things of the organisation such as the data files, furniture, and other valuable things of the organisation. For example if the short circuit takes place in the organisation so it’s a kind of electronic threat and it harms the data of the organisation  in the sense that all the physical items or things get burned. So it’s a kind of electronic threats that take place in the organisation and harm the physical things (Wang, 2009).

     The various effects of electronic threats towards the human holding then simply we can say that the harm to the human related things of the organisation by electronic devices or electronically. The harm which takes by the electronically to the human is that the things of the human get affected within the organisation by the electronic media. This threat harm the human in the sense as the person is working in the organisation and the electricity goes off in the organisation then in that kind of environment when there is no electricity in the organisation the human is not able to work in the organisation.

Hence, the affects of electronic threat on the electronic holdings then simply we can say that the harm faced by electronically to the electronic things known as the electronic threat toward the electronic holding. This kind of threat affects the organisation electronic holding by these senses suppose the person mail or file is being transferred over the network by the electronic devices present in the organisation and immediately at that time the electricity goes down of the organisation so the file and mail of the organisation get affected in the organisation so we can say that in these types the electronic data and other things within the organisation get affected by the electronically within the organisation (Dawson, Ed 2012).

6. Security plan that describes counter measure that will manage the threat to the organisations information holdingsAssignment Writing Tutor Australia                    Security plan is the steps taken by the organisation towards the various kinds of threat such as physical threat, human threat, and electronic threat on various kinds of holdings within the organisation such as physical holding, human holding, and electronic holding. In order to finish the harm of the organisation from which the organisation get harmed or affected. By adopting the proper steps by the organisation towards the security helps organisation to secure all the information and the things get affected by the unauthorized person or other kinds of things within the organisation. So in the future the organisation runs properly and smoothly without having the risk of any kind of harm to the organisation in any sense (Hendry & Mike 1995).

6.1 Security plans in terms of physical counter measures:

Security plans in terms of physical measure is known as the plan that keep safe the things and people by get harmed by physical things. In simple we can say that the physical steps towards the security of organisation such as-:

  1. 1.      Placing the touching sense alarm:

It means that, placing the touch alarms would be referred to as one of the most important aspects within the enterprise. It is quite an essential task as the things or the data would be placed within the safe zone criteria because it helps the organisation in case someone is going to access that things or data the alarm get ringed and that person or authority get failed to access that information or matter from the organisation in this way the touching sense alarm get works and helps in the information security and other holdings of the organisation by keeping the data safe

  1. 2.  Recruiting the security guards within the organisation:                                                      

By the recruitment of security guard within the organisation helps the organisation in providing security to the physical things such as the files furniture and other office made things of the organisation by maintaining the records of the person visiting to the organisation and keep checking that the person is not affecting or disturbing the things of the organisation and also checking that person at the time of leaving that he or she has not stolen any things from the organisation in this sense the by the recruitment of security guards to the organisation the organisation get relief towards the tension of the stealing or breaking important information and things from the organisation. And the organisation information get safe by the kind of physical harm (Siegel, 2001).

3. Installation of biometric services:

By installing the biometric services within the organisation it helps the organisation in the sense that the outsiders or unauthorized person who want to touch or access the information from the organisation are unable to access the information. Because by the installation of biometric devices earlier in the system the biometrics are get captured in the system data that which person and authority are able to access or to whom the organisation is providing the access rights so the only that persons or group are able to access the information except from that no one person either the insider of the organisation or outsider of the organisation able to access the information because if someone get tried to access the information the fingerprints, retina of iris, thumbs impression palm impressions do not get matched and the person get failed to access the important information of the organisation.

 

6.2 Security plans in term of human counter measure:

As early we have described the security plans taken in terms of physical counter so now we are describing the security plans in terms of human counter measure defines as the steps taken towards the safety of the information within the organisation that get affected by the human beings within the organisation such as the loss of the organisation data by the access of data by the human beings from the unauthorized access. Such as-:  it consist the safety of data and information from the organisation by taking proper steps towards the harm (Garfinkel,  2009).

Security plans in terms of human counter measure are as follows-:

1. Providing Password:

                           It means to provide the password to the information and data files of the organisation so the unknown person and the person who don’t have the authority to access that data either the insider employee of the organisation not able to access those files. Only that person who know the password of the information and data that is being sent in the locked manner are able to access that information and data (Bejtlich, 2004). By providing the password the threats occurred either by physically (Stallings, 2010) or by human activities get solved by the providing password because if the unknown person wants to access the information he or she not able to access the information in this way the information get secured within the organisation by providing the password. (Kabay, 2011)

 

2. Encryption of data:

                     As the harm occurred by the human to the information and data takes place (Migga, 2005). It get reduced by encrypting the data because these kind of threat occurred in the organisation while transferring the file from one place to another not in simple way that was in the encrypted pattern means the person who don’t have the proper coded information not able to access that inform only the person who have the right code to access the information which is in the encrypted form is able to access that particular information.

3. Not to leak out the information of organisation:

                                              It means it is the steps taken by the employee of the organisation in order to provide safety to the data of the organisation suppose in the organisation where there the important tasks that take place so there is also the need of security measures taken by the employee that who are working on that particular data (Atul, 2011) so the responsibility of that employee who are working on that is not to leak the information in front of outsiders and within the organisation who don’t have the need of that information professionally. In this way these kind of security measure is taken to keep the information secure towards the organisation.

6.3 Security plan in terms of electronic counter measure are as follows-;

                      Security plan in terms of electronic counter measure is defined as the taking possible steps towards the safety of the information data that being occurred electronically or the electronic devices within the organisation so the Harm that the organisation  face by the electrically or by the electronic devices that get reduced by adapting these plans.

The security measure that comes under this plan are as follows:

1. Insulated wiring in the organisation:

                            It means to secure the organisation from the insulated wiring so in future there is no chance that takes place to harm the information and data of the organisation in terms short circuit in the organisation takes place and all the important data of the organisation get burned. So, in this way the information and data of the organisation get secured by electronically (Sidnie, 1994)

2. Placing the high Voltage Electricity source in the organisation:             

                                                     

                               It means by placing the high voltage electricity source within the organisation the chances of loses data at the time of transferring and sending data from the organisation the organisation data become safe and there is no lose of data takes place from the organisation (Brent, 2000). In these way these security measure plan helps the organisation in keeping the data secure. And operation within the organisation operates smoothly and towards the bright future without having the fear of lose of the information from the organisation.

7. Comprehensive information security education and awareness programme for use by management staff members and contractors:

                        The security of information within a particular enterprise has been referred to as the main tasks for the enterprise. This is because without safeguarding the information will not lead to proper functioning of the enterprise. Securing the data or information will lead to high levels of profits and operate in a well secure environment. Some of the comprehensive information security education and awareness program which shall be used by the management staff members & contractors have been discussed in the section below. They are as follows:

  1. Conferencing:

          Conferencing refers to the first comprehensive information security education and awareness programme for use by management staff members and contractors. This means that, proper conference shall be scheduled within the organisation at particular date and time and inviting all the staff members for the conference as well as discuss the importance of information security & where will this information security heads towards too. The main agenda for the conference would be to make the employees aware regarding the types of data of information which would provide more sensible information within the organization. In other words, it shall be seen that providing proper knowledge to the staff members along with the contractors within the organisation will help to provide information security within the organisation.

2. Online training module:

                                   The second comprehensive information security education and awareness programme for use by management staff members and contractors would be to provide online training module. The online training module will provide training to the person within the organisation so they become more aware about the security concept. This would help the management staff members to operate properly within the organisation and keep the transaction within the organisation by keeping the security measures in the mind.

3. Giving proper training to particular person who handle important data:

                      The third comprehensive information security education and awareness programme for use by management staff members and contractors is to provide proper training to a particular person who will be able to handle more data. Providing proper training to the staff members, management people will help to discuss the various ways which would highlight the different ways with which important data could be handled within the enterprise so that the information is secured.

4. Information security pamphlets:

                                    It means to distribute the printed pamphlets to the employee and other staff members within the organisation. The printed pamphlets will take into consideration the common security views that are necessary for all the staff members within the organisation. This will help all the members to operate within an organization which strives towards generating high levels of profitability.

5. Computer ethics:

                             Providing the information to the all staff members within the organisation about the computer ethics means what all is the things or information within the computer that have under the risk pattern and wants the more security. Hence, there should no chance for corruption of those data within and from the organisation (Mike Hendry, 1994).

6. Launching information security handbook:

                                                 Comprehensive information security education and awareness programme for use by management staff members and contractors can be done with the help of the information security handbook. It means to launch the information security handbook in the organisation and distribute that handbook to the entire employee within the organisation so they get awared by all security measures that have to keep.

7. Demo videos:

       Lastly, one of the comprehensive information security education and awareness programme for use by management staff members and contractors refers to the demo videos. It shall be kept in mind that, showing videos of information security to all staff members. The video contains the point on which there is a need for security, as well as shows the various steps which might be taken into consideration in regards to the security of the organization. The demo videos which shall be shown to employees shall be in form of either moving images or power point presentations or slides etc. The demo videos would be referred to as one of the easiest methods to make the staff members understand the threats as well as the various security measures which shall be taken into consideration while working within the organization.

8. Conclusion:

         In the end it could be concluded that, security plan shall be formulated which would help in the necessary working of the enterprise goals. The security plan would help to attain high levels of profits within an organization. The security plan will help to maintain different types of records, strategies; secrets as well as the organization plan which would help to keep the organization secure. The security plan would be referred to as one of the most essential elements within the organization in order to follow the strategic plan of the same.

 If you want IT management Assignment Help study samples to help you write professional custom essay’s and essay writing help.

Receive assured help from our talented and expert writers! Did you buy assignment and assignment writing services from our experts in a very affordable price.

To get more information, please contact us or visit www.myassignmenthelp.Com

                download-button                chat-new (1)