Wednesday, May 6, 2020

Management of Information Security Samples †MyAssignmenthelp.com

Question: Discuss about the Management of Information Security. Answer: Approaches to computer security There are ways to protect ones computer from the security threats. Anti-Malware The users must install anti malware software to protect their computer from all kinds of security threats. Anti-malware must have the capabilities to block spams, should block unwanted pop-ups, must have the capabilities to remove all kinds of virus from the computers, should have a facility to remove spyware. There is numerous anti-malware software in the market however, the users will have to choose the best anti-malware software for maximum productivity (Tsohou et al. 2015). Firewall A firewall is a network security program that protects ones system from unauthorised access, it basically enables or disables traffic based on a definite set of rules (Tsohou et al. 2015). Password Protection Passwords are a simple and easy way to protect ones device, but the users once set the password remain stick with that password in general, they never change their passwords which lead to vulnerabilities of the system. The users must alter their password from time to time be it an email address or online bank passwords to keep the personal data safe and secure. Data backup The users must back up their data from time to time, if the operating system crashes it may be possible that the users may lose valuable data, virus affected computer can lead to system failure too. The users must install backup programs in their system and should backup their data (Tsohou et al. 2015). Basic models used to implement security in operating system Graham-Denning Access Control model It is basically a security model that implements certain protection rules in the operating system. It consists of three different components-a set of objects, a set of subjects and a set of rights. The set of subjects includes process and domain. A set of right consists of create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, transfer access right. Therefore, this model emphasises that both the set of subjects and a set of objects execute based on the set of rights (Stallings and Brown 2012). Military Security Model The information is ranked on the basis of an unclassified, confidential, secret and top secret. It provides the least privilege to the subject; it restricts the subject to access few objects for successfully accomplishing work. The system backup program may be permitted to access the files but do not have the permission to modify the file (Stallings and Brown 2012). Bell-LaPadula Model It is a state machine model which provides security and used for driving access control in government and army applications. The model comprises of the security classes for each subject and object respectively and those security classes are ordered by relation (Balamurugan et al. 2015). The physical security components that can protect ones computers and networks The physical security components for computers Biometric devices Biometric devices are used for capturing biometric data inputs in the form of fingerprints, facial images and voice recognition. It is a method to verify the identity of a living body (Ng et al. 2015). Cable locks With the help of cable lock, laptops can be protected from getting theft. It will also prevent others to access laptop without owners wish (Ng et al. 2015). Security Key The security key enables users to log in the system with a synced password. The users first have to plug in the flash drive, then have to enter the password integrated with the key, if the code matches the users can log in the system (Ng et al. 2015). The physical security components for network The network security devices are as follows- Active devices- Active devices consist of firewalls, malware scanning devices. Passive devices- Passive devices can identify the intruders attack thus can check the intruders entry into the system (Nimkar and Ghosh 2014). Preventive devices- Preventive devices scan networks and identify potential security threats. Unified Threat Management- UTM devices like firewalls serve all the above-said purposes (Nimkar and Ghosh 2014). Steps that organisations can take to improve their security In the organisations, the senior management handles all the resources and budget involved in the information security. The senior managers are aware of the fact that they should take the security issues very seriously, otherwise intruders will attack the system and make it vulnerable, the intruders can steal the private data of the customers (SearchSecurity 2017). i.The organisations know how valuable customers data is, so they take special measures to protect customers data. ii.The organisations create and maintain documentations of all the activities, they spend time, money to keep their company protected all the time (SearchSecurity 2017). iii.The organisations always keep themselves updated that means the computer systems are all updated ones, and the employees are aware of the modern systems. Outdated systems due to lack security updates are vulnerable threats so the companies always avoid that outdated system or software (SearchSecurity 2017). References Balamurugan, B., Shivitha, N.G., Monisha, V. and Saranya, V., 2015, February. A Honey Bee behaviour inspired novel Attribute-based access control using enhanced Bell-Lapadula model in cloud computing. InInnovation Information in Computing Technologies (ICIICT), 2015 International Conference on(pp. 1-6). IEEE. Ng, J., Bragg, D., Foladare, M.J. and Higgins, R.M., At T Intellectual Property I, LP, 2015.Device, system, and method for managing virtual and physical components of a network via use of a registry. U.S. Patent Application 14/743,465. Nimkar, A.V. and Ghosh, S.K., 2014. An access control model for cloud-based emr federation.International Journal of Trust Management in Computing and Communications,2(4), pp.330-352. SearchSecurity. (2017).10 good security habits for keeping your organization secure. [online] Available at: https://searchsecurity.techtarget.com/tip/Ten-good-security-habits-for-keeping-your-organization-secure [Accessed 19 Jul. 2017]. Stallings, W. and Brown, L., 2012. Computer security.Principles and practice (2 nd ed). Edinburgh Gate: Pearson education limited. Tsohou, A., Karyda, M., Kokolakis, S. and Kiountouzis, E., 2015. Managing the introduction of information security awareness programmes in organisations.European Journal of Information Systems,24(1), pp.38-58.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.