Government agencies and private businesses, whether domestic or foreign, heavily depend on information and technology for their crucial operations. The shift to a digital economy has made it imperative to safeguard these valuable assets. Hence, reliable and well-designed security programs are recognized as essential for protecting both physical materials and computer systems.
Both private and public organizations have been developing programs for information system guidance, standards, and implementation strategies. These efforts aim to address various aspects of information security. To support and guide these initiatives, organizations have established implicit and explicit security principles for their information systems.
The security principles mentioned in this text can serve as a reference for users, engineers, and designers in the creation of information system security programs (Wood, Smith, 2005, p. 23). For any organization to establish security
...principles for its infrastructure, it is crucial to designate an individual responsible for information security. Additionally, the organization should assess potential threats from threat agents that could impact its recently acquired information assets.
To protect the organization's data, it is important to identify and assess its assets for vulnerability regularly. This is a crucial part of the security policy. The responsibility for information security lies mainly with lower-level employees, who progress upwards in a bottom-up manner. This approach utilizes the technical expertise of lower-level employees to ensure effective information protection.
The top-down approach can be employed in an organization to guarantee information infrastructure security. This approach starts at the highest organizational level and trickles down. Security plans initiated by top-level managers are supported to ensure their effectiveness. The chief information security officer assists in the development
and implementation of the security plan. Another approach to safeguard information infrastructure is through the use of a human firewall.
This paragraph emphasizes the importance of maintaining security in an organization and the necessity for all employees to understand its significance and implementation. Before implementing security measures, organizations must have a comprehensive understanding of security principles, including different methods that can be used to target information. Some common threats to information security include distributed denial of service attacks conducted by crackers, social engineering techniques utilized by spies, employees trying to guess others' passwords, and hackers creating back doors.
To guarantee robust and efficient security for its information infrastructure, an organization must establish defense mechanisms to counter potential threats. This entails embracing practical security principles such as layering, which is the initial principle.
This approach or principle provides multiple defense barriers that can coordinate different types of attacks on the organization's information. It is important to organize the information security in layers and ensure proper coordination for effectiveness (Wood, Smith, 2005, p. 34). Another principle is the limitation of practical security, where the organization restricts access to its information.
The principle of granting access to data is important, and should only be given to authorized individuals like staff members and stakeholders. Restrictions on access need to be enforced for people or programs that interact with stored databases on servers or computers. The level of access granted should be based on the needs and abilities of each individual. Furthermore, the idea of practical security layering is closely linked to the concept of diversity.
To ensure the security of data in an organization,
it is important to create multiple layers of protection. These layers provide a safeguard in case one layer is breached, preventing attackers from using the same method to access other layers. By implementing different levels of defense, even if one layer is compromised, it does not mean that the entire system is compromised. For example, a firewall can be set up to filter a specific type of traffic, while another firewall can be used on the same system to filter a different type of traffic.
Using different firewalls can create a greater diversity among vendors and their products. The principle of obscurity involves obscuring internal movements and avoiding clear behavior patterns within an organization or system, making it more difficult for outside attacks (Wood, Smith, 2005, p. 54). Lastly, the principle of simplicity highlights the challenges of understanding, feeling secure about, and troubleshooting complex security systems.
Simplifying the system, both internally and externally, poses challenges that organizations must address. In addition to the five basic security principles, there are other factors that organizations should consider to ensure information infrastructure security. Organizations must prioritize effective authentication methods such as access control, authentication, and auditing. The process of authentication involves verifying identity.
The text examines three primary security methods: password/ID number, smart card, and fingerprint. Numerous organizations employ the conventional approach of assigning a distinct password and username to users in order to safeguard their data and information. Nevertheless, it has been demonstrated that relying solely on password authentication does not offer genuine security for information systems. The server examines the password and username values in plain text to locate a match.
Users
who comply with the password authentication protocol in modern implementations will be given access. This protocol allows for various authentication methods (Wood, Smith, 2005, p. 41). Organizations have the option to use the challenge handshake authentication protocol as a more secure method of establishing system connections instead of passwords. In this protocol, users enter their password and it is subsequently transmitted to the server.
The server sends challenging messages to users' computers, then checks the response by comparing its own calculation to the expected value. If there is a match, the authentication is accepted, otherwise, the connection is terminated. Organizations can also use tokens to secure their information infrastructure and systems. A token is a device that, when embedded and given appropriate permission, authenticates the user.
In terms of security, tokens are similar to certificates. Tokens contain the access and privileges of the bearer, much like a certificate. Unlike passwords, which rely on knowledge, tokens rely on possession. In conclusion, organizations should utilize practical security principles in conjunction with other security measures to ensure effective and efficient security for their information systems and infrastructures.
- Internet Privacy essays
- Cyber Security essays
- Attitude essays
- Goals essays
- Personal Goals essays
- Personal Life essays
- Personality essays
- Principles essays
- Reputation essays
- Self Awareness essays
- Self Esteem essays
- Self Reflection essays
- Self Reliance essays
- Strengths essays
- Value essays
- Values essays
- Weakness essays
- Who Am I essays
- Agreement essays
- Business Law essays
- Common Law essays
- Community Policing essays
- Constitution essays
- Consumer Protection essays
- Contract essays
- Contract Law essays
- Copyright Infringement essays
- Court essays
- Crime essays
- Criminal Law essays
- Employment Law essays
- Family Law essays
- Injustice essays
- Judge essays
- Jury essays
- Justice essays
- Lawsuit essays
- Lawyer essays
- Marijuana Legalization essays
- Ownership essays
- Police essays
- Property essays
- Protection essays
- Security essays
- Tort Law essays
- Treaty essays
- United States Constitution essays
- War on Drugs essays
