Why Study Information Security? The study aims at providing knowledge on preventive measures against web attacks on computers, networks and the data stored in them. This security is also essential for protection against identity theft and the phishing of user information for financial gain, it will also equip an individual with the knowledge to help them differentiate and identify a genuine address from an address indicating fraud. The study of information security is also a career subject and has offered a large number of people’s jobs. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and databases, …show more content…
Advantages
Confidentiality, Integrity and Availability (CIA)
CIA triad gives its users a very straightforward way to view, understand, contemplate, conceptualize and address problems that relate to information security. CIA triad is not so complex and can, therefore, be utilized by many smaller organizations that are only interested in the software security.
Parkerian Hexad (PH)
The Parkerian Hexad (PH) has many components of the CIA model, its added components offer a wide range of information security and complete model for securing the data today. As compared to CIA, PH has a wide coverage of utility and therefore can be adopted by big organizations. It also has most of the components of CIA making it a stronger system to utilize and can, therefore, be adopted by small organizations as well to strengthen their information security.PH does not only cover the software system but it also covers the hardware system which can be exposed to fraud and physical breaches.
…show more content…
Protecting information while at rest and motion is a part of the concept adopted from the defense in depth. Information saved in our computer systems may be exposed to so many threats like transfer of data from the system using a flash drive. To ensure the information is safe and well protected from such an incidence certain layers should be put in place. The three layers that help to conceptualize defense id depth include people who form the outer layer, network security forming the second layer, host-based security, and application security forming the inner layers respectively. These layers are formed from three controls (administrative controls, logical controls, and physical controls) in which the concept of defense in depth is based
Privacy and security issues have become one of the top concerns among computer users in today’s market. It has become a game of survival of the fittest in protection of your security. The only true way to defend yourself is knowledge. You should prepare your self against hackers, spammers and potential system crashing viruses and web bugs. Lets focus on how you can protect yourselves from the would be thieves.
Discussion A Describe the difference between EMR and Clinical Information Systems (CIS). What are the advantages and disadvantages of CIS’s? EMR is an electronic record of patient health information that is created by each encounter in any healthcare setting (Menachemi & Collum, 2011). Information in the EMR includes patient progress notes, medications, problems, vital signs, immunizations, laboratory and radiology reports and past medical history (Menachemi & Collum, 2011).
Computer systems are used throughout everyday lifestyles in order to make difficult tasks much simple. The government utilizes such systems in order to support their efforts in locating suspected terrorists throughout U.S. boundary lines. There are several software programs, which can be used in helping homeland security become successful. One program is known as the MATRIX, which is an abbreviation for the Multistate Anti-terrorism Information Exchange System. The MATRIX collects, analyzes, and exchanges terrorist and criminal intelligence data among state and federal agencies. It is a useful program because it contains data, such as criminal histories, driver licenses, and vehicle registrations. .
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
For an in-depth defence approach, case study provides a series of things that describe about what is working nowadays for a secure data.
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
A security certificate is like a special deportation warrant in which the Canadian government can deport any “non-Canadians” who they feel are a threat to Canada and its citizens. An example of this would be anyone that the Canadian government feels is involved with a terrorist group or organization will be deported using a security certificate. Some pros to the security certificate are it will help the Canadian government better protect Canada by deporting anyone who poses a serious threat to Canada, and its citizens. Another pro is it limited in use as security certificates have only been used 27 times since 1991, meaning the powers of the security certificates have not been abused as of yet. It is somewhat fair to the person a security certificate
It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network; a strategy known as Defense in Depth. Due to the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy will require an understanding of the interactions between devices occuring within the network.
The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entities infrastructure. Subsequently, cyber warfare produces increased risk to security practitioners that employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation on established security measures, identify potential victims of identity theft, and present an examina...
For thousands of years cryptography and encryption have been used to secure communication. Military communication has been the leader of the use of cryptography and the advancements. From the start of the internet there has been a greater need for the use of cryptography. The computer had been invented in the late 1960s but there was not a widespread market for the use of computers really until the late 1980s, where the World Wide Web was invented in 1989. This new method of communication has called for a large need for information security. The internet allows people to communicate sensitive information, and if received into the wrong hands can cause many problems for that person.
Cryptography is the science and art of transforming messages to make them immune to attacks. The reason for adopting cryptography in any system is to establish a secured communication platform when other people (eavesdroppers) are listening. In particular, main function of cryptography is to provide end to end security of edge nodes. Encryption can be performed using symmetric and asymmetric key cryptography techniques of which symmetric algorithms encrypt and decrypt a message using the same key. If you hold a key, you can exchange messages with peers holding the same key. Several symmetric key algorithms are used among which Blowfish Encryption Algorithm, Data Encryption Standard (DES), 3DES (Triple DES), Advanced Encryption Standard (AES) are major concern of this paper.
Privacy exist wherever personal information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. The challenge of data privacy is to use data while safe-guarding individual's privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.
In today’s society technology is used for everything. With the invention of computers and the internet this open doors to the cyber world. Today you can do almost anything without having to leave your home. The internet gives us the opportunity of shopping online, ordering food online, working from home and video chatting with friends and family across the world. Everyone has a computer and internet access in their homes. While the internet is really convenient it also opens doors for cybercrimes, loss of privacy and the need for computer security.