Monday, May 13, 2019
Project Three - Information Security White Paper Research
It is essential to define a solid defense for handling cyber-attacks. We have divided security into two aspects, i.e. technical and formal security.

Technical System Security

After identifying the purpose, there is a requirement to identify weaknesses or vulnerabilities along with their impact and types. Organizations have to consider the backdoors and the weak points that may allow or trigger any threats to disrupt business operations by compromising an asset or information system. Moreover, a holistic approach is required to address all risks and vulnerabilities, as every minor vulnerability can expand by cascading into other risks in the system. From a technical standpoint, what needs to be protected: hardware, applications or information? That is a question that must be addressed by the organization itself (Royal Canadian, 1992). The answer to this question can only be found by identifying and categorizing threats. As per Dhillon (2007), threats are categorized as Modification, Destruction, Disclosure, Interception, Interruption and Fabrication, and apply to hardware security, data security and software security.

Effective change management and configuration management procedures, along with documentation, are the most effective controls for minimizing security vulnerabilities that may arise from incompatible modules or hardware modifications in the system (Prin of computer security 2E, 2010). Destruction is associated with physical damage to a hardware device, network device or software. Software destruction, in turn, can result from malicious code, a Trojan or the unintentional deletion of a kernel of any application, etc. Similarly, data can also be deleted intentionally or unintentionally, and deletion can also be caused by a malfunctioning device. Disclosure of data is proportional to confidentiality, i.e. a need-to-know basis.
Data is easy to steal because the original copy still seems intact, in spite of the data theft. Data can be classified into many types, once again depending on organizational requirements. For instance, trade secrets, upcoming financial results or long-term strategic plans of the organization can be classified as top secret, whereas customer information can be classified as confidential. Organizations conducting business online collect customer information via websites.

Data can also be intercepted through unauthorized access to computing and electronic resources. Moreover, unauthorized remote access can also result in information being accessed from a remote location. Interruption can also affect system availability and may result from malfunctioning hardware or a power outage. Moreover, interruption of services can also be caused by a broadcast storm or network congestion that may cause denial of service. Lastly, fabrication refers to the insertion of transactions into a database. Fabrication is often conducted by unauthorized parties in a way that makes it hard to identify the authentic and forged transactions. One example of fabrication is phishing. Moreover, asymmetric and symmetric encryption techniques are considered as per requirements, and repudiation can be prevented by third-party certificate authorities.

Formal System Security

Management of information system security requires the development of an organizational structure and processes for ensuring adequate system security and integrity. Likewise, for maintaining adequate security, an appropriate relationship organization is required for maintaining integrity of