Term Paper on "Management Information Systems Security Plan"

Term Paper 9 pages (2417 words) Sources: 0

[EXCERPT] . . . .

An employee candidate should not be given access to secure areas since they may be able to retain a lot of information during their short time in the company and compromise the organization's security.

As defined earlier, there are different security considerations for different employees. These depend on the internal policy for the specific group of people and on their work requirements. Generally, access to information is only provided to those who need it.

Separation of duties is a security control that reduces the chance of violating information security in an organization. It involves requiring more than one person to complete any task that makes significant use of sensitive information, to prevent a single person from copying out this information.

Job rotation is the requirement that each employee can do the task of another employee. It may not be feasible in every organization, but it increases the chances of employee abuse of the system.

Chapter 12

Factors that are likely to shift the IS environment include acquisition of new assets, vulnerabilities that are associated with technological developments, formation of new partnerships, shifts in business priorities, dissolution of old partnerships, training of employees on new policies, and hiring of new personnel.

The CISO is the person who determines if the IS group can adapt to change adequately. He maintains the IS profile of the organization and redevelops a new profile if needed.

The five domains of the maintenance model are external monitoring, internal monitoring, planning and risk assessment, vulnerability assessment, and readiness and review. External monitoring involves providing awareness of new and emerging threats while internal monitoring involves maintaining an informed state of the network. Planning and risk assessment involves keeping an eye on the IS program while vulnerability assessment involves identifying specific vulnerabilities and their timely remediation. Readiness and review involves continuously improving the IS program.

The three primary aspects of IS risk management are assets, threats, and vulnerabilities. These three must be carefully monitored in order to be prepared for problems and to remediate them as soon as they arise.

No major changes are needed to the model presented in SP 800-100 because it is for use in IS management and is functionally usable as presented. It does, however, need to be tailored for specific requirements on an ad hoc basis.

The ongoing responsibilities of security managers in securing SDLC relate to maintaining a contingency plan. The contingency plan must be ready for invocation upon notification. Key personnel should review the plan regularly to ensure strategies, components, and requirements are kept up-to-date.

A vulnerability assessment is the appraisal of physical and logical vulnerabilities in a technical or non-technical system.

Penetration testing involves simulating or undertaking certain attacks to test the compromise of a system and document vulnerabilities. It is conducted from outside a network to exploit system vulnerabilities.

Configuration management refers to the administration of configurations in an IS program while change management relates to administration of changes in strategies, components, or operation of an IS program.

A performance baseline is the minimum expected level of performance against which subsequent performance levels are compared.

Vulnerability assessment aims at identifying vulnerabilities within a system while penetration testing is a level above vulnerability testing and simulates attacks from malicious sources for a full security audit of the system.

The external monitoring domain within the maintenance model is aimed at providing early awareness when threats or vulnerabilities emerge in order for the organization to mount a timely response.

CERT is a website with a mailing list and sends advisories. Bugtraq is a mailing list with disclosures and announcements of security vulnerabilities. ISS is a website with a commercial focus on security products. NESSUS-DEVEL is a mailing list dedicated to the Nessus vulnerability test. Packet Storm is a commercial website focused on current security tools. Vulnerabilities ISS is a commercial website focused on commercial IDS and other products. The most effective is Bugtraq because it gives information on the vulnerabilities and documents how they can be exploited.

CERT stands for Computer Emergency Response Team. There is more than one CERT depending on the vulnerability and the response. One is US-CERT.

The internal monitoring domain of the maintenance model is aimed at maintaining an informed state of the organization's networks, IS, and available defenses.

The planning and risk assessment domain of the maintenance model is aimed at keeping an eye on the entire IS program to identify risks and vulnerabilities that may be in the environment and take corrective action.

The vulnerability assessment and remediation domain of the maintenance model aims at identifying vulnerabilities and taking timely corrective action. It is important for an organization with a presence on the internet to identify vulnerabilities actively.

The five vulnerability assessment processes are internet vulnerability assessment, intranet vulnerability assessment, platform security validation, wireless vulnerability assessment, and modem vulnerability assessment. Internet vulnerability assessment refers to identifying and documenting vulnerabilities in the public-facing network while intranet assessment relates to the internal network of the organization. The platform security validation refers to identifying and documenting vulnerabilities in the IS system while wireless vulnerability assessment refers to identifying and documenting vulnerabilities in the wireless LAN of the organization. Modem vulnerability assessment is actively identifying and documenting vulnerabilities in the dial-up modems connected to the network.

Digital forensics involves the preservation, extraction, identification, and documentation of computer media for root cause analysis. It is used as evidence to investigate during or after a digital attack, policy, or legal violation on…


How to Reference "Management Information Systems Security Plan" Term Paper in a Bibliography

“Management Information Systems Security Plan.” A1-TermPaper.com, 2014, https://www.a1-termpaper.com/topics/essay/management-information-systems/9622402. Accessed 3 Jul 2024.

