Securing and Protecting Information Essay Example for Free

Securing and defend Information EssayThe specific purpose of this paper is to describe the authentication routine and to describe how this and other information hostage considerations will affect the design and development process for new information systems. The authentication process is a exigency for safeguarding systems against various forms of security threats, such as password-cracking tools, brute-force or wordbook attacks, abuse of system access rights, impersonation of attested users, and last tho not least solution attacks just to name a few. In addition, it is imperative that authentication policies be interchangeable with the arrangements in which information is being exchanged if resources argon being shared between alternative nerves. Authentication in definition is simply proof that something is real or what it is meant to be. Public networks as well as private networks to implicate the internet use passwords as authentication to authorize logins. Data is required and is filtered through the password database if an effort to en indisputable that the user is authentic.Also, before anyone is allowed to access an organic laws intranet they must first be registered by someone that has the appropriate credentials to authorize them to gain access. There are plenty of businesses and alternative in the need of additional authentication methods and one method worthy of mentioning is the utilization of digital certificates issued and verified by a Certificate Authority or as commonly used the acronym CA. This process includes the creation of a strong password and an account lockout policy is created, logon hours are assigned, a ticket expiration policy is created, and time synchronization tolerance to prevent replay attacks is set just to name some of what this process consist of. There are some things that must be taken intoconsideration when a new system is design.Securing and Protecting InformationWhen a team is appointed to design s a new system, that team must run into that all systems are not the same and that they all have their own unique attributes in their own way but the thought process must be the same in regards to security. It is quite challenging to insure that the application integration setting functions properly in a way that does not via media the security needs. Security is especially needful in applications that require systems in a company to be streamlined. Integration services might lead to security breaches because of the integrated systems and the holes that may exist during the integration process. To try to alleviate this from occurring, data security should be integrated into the System Development Life Cycle (SDLC) from its generator phase. This focuses directly on the intimacy security sections of the Syetsm Development Life Cycle.First, an outline of the key security roles and responsibilities should be speeched to insure that e preciseone involved knows what is expected. Sec ond, ample data concerning the System Development Life Cycle is provided to permit anyone who is unfamiliar with the System Development Life Cycle method in order that they may bobby pin the connection between data security and also the System Development Life Cycle There are several ways exist that could be employed by a corporation to effectively develop a data system. A conventional System Development Life Cycle is know as a linear sequent model. The linear sequent model assumes that the systems are red to be delivered at a point near the apex of its life cycle. Another SDLC technique uses the prototyping model that is commonly accustomed to development and understanding of a systems needs while not genuinely developing a final operational system. Complicated systems need continuous additional constant development models.Securing and Protecting InformationInformation system policies address security threats that may be harmful to a company. Sadly, in that location is no way to alleviate the numerous amounts of threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping toinsure that everyone within the organization understands and behaves in an appropriate manner with regards to the fact that sensitive data and the security of software should be kept safe. When a security policy is developed, it should be well defined and the information in it should be clear and ostensibly understand and the objectives should be well defined so that there will be no confusion. Conversely, a data system with security policies is probably going to have an assortment of countermeasures that address a range of threats. Policies, standards, guidelines, and coaching materials that are known to be obsolete and not enforced could be dangerous to a corporation due to the data being outdated.As a result, management is basically drawn into th inking that security policies do exist within the organization when actually that is not the case. Counter measures which are outdated does not do an organization any good because without the appropriate patches in place, the organizations network could have holes which would leave them extremely vulnerable. All organizations need to be compelled to actively put their security systems to the test and in addition they could even go as far as hiring an outside firm to ping the system to see if any holes appear that could leave the companys system vulnerable. Of course there are preventive roles and measures that could and should be taken. Data security should be a crucial area of concern for small business owners. Knowledge of security conformism is no longer merely an area of financial concernSecuring and Protecting InformationAs more and more data moves out of the file footlocker and into the electronic space, Information Technology departments will play an integral role in comply ing with all of the security policies. Once you take into account all the necessary information stored from economic re stack to customers data, it is not difficult to discover why only a single breach could seriously affect a business. With a rate of basic steps and a few sensible on-line habits, youll prevent yourself from turning into simply another victim of cyber crime. (Ratha, Connell, Bolle, 2001) Some of the preventive roles and measures mentioned above are as follows implementing sturdy strong passwords, use a mixture of capital and lower-case letters, symbols, and numbers and create it eight to twelve characters long, acquireanti-virus/anti-malware software packet, and last but not least, ensure your personal computer (PC) is properly patched and updated. It is important to mention that there is very little purpose in installing a very effective software package if it is not going to be properly maintained.As Watchinski explains, while applications arent 100% fool-proof s, its necessary to frequently update these tools to facilitate in keeping users safe. It is also worthy of mentioning that scheduling regular backups to AN external drive, or within the cloud, may be painless thanks to make sure that all of your knowledge is kept safely. It must also be mentioned that it is not uncommon for an unsuspecting worker to click on a link or transfer an attachment that they believe is harmless just to realize later that the link contained malicious software that has compromised the companys network. It is extremely important to inform your staff to practice safe on-line habits and beieing proactive with defense is crucial. Employees have a crucial role to play to keep your business and its knowledge secure.Securing and Protecting InformationTo touch on systems and devices in reference to security, security refers to providing a protection system to ADPS resources such as the central processor, memory, disk, software package programs, and most significan tly data/information keep within the ADPS. As a part of the data systems security management, there are square measures marginal devices installed so that the regulated community so to speak will listen. These peripheral devices will create an unseen threat (insider/third party threat). (Workman, Bommer, Straub, 2008) There are certain devices that appear to be harmless but could prove to cause issues such as USB devices (commonly known as flash/thumb drives), USB patch cords with mini/micro connectors, and Electronic notebooks just to name a few. In conclusion, security authentication is extremely necessary and relevant in the protection of an organizations information.ReferencesCMGT/400-Intro to Information Assurance and SecurityDArcy, J., Hovav, A., Galletta, D. (2009). User awareness of securitycountermeasures and its impact on information systems misuse a deterrence approach. Information Systems Research, 20(1), 79-98 Myers, J. G. (1997). fair authentication and security la yer (SASL). Zhu, J., Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. Consumer Electronics, IEEE Transactions on, 50(1), 231- Sandhu, R., Samarati, P. (1996). Authentication, access control, and audit. ACM Computing Surveys (CSUR), 28(1), 241-243. Rocha Flores, Waldo, Egil Antonsen, and Mathias Ekstedt. Information security knowledge sharing in organizations Investigating the effect of behavioral information security governance and national culture, Computers Security, 2014.