Introduction to Information Security

2021-05-06 14:12:37
4 pages
1219 words
University/College: 
Type of paper: 
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Information security, otherwise called InfoSec is the protection of crucial information from access to unauthorized personnel. In this manner, information security serves to ensure that information is defended from use, disruption, disclosure, perusal, modification, recording, inspection and destruction. Information security relates to any type of data either physical or electronic to ensure that only the right personal access such information and avoid crucial information spilling to unintended destination and reaching unauthorized personnel. To ensure that there is effective security to any information; it is of great importance to employ various technologies to limit effects from computer wizards rampant in the modern society, a characteristic of the information age. Effective information security therefore comprises of tools, processes and policies that help in detecting, preventing, documenting and countering any threats relating to information either digital or non-digital. In this manner, the policies and processes usually incorporate both digital and physical security measures necessary to combat any tampering with data.

The large operations at Richman prove the need to invest highly on information security. This is due to the huge investments that the company has in the fashion industry and the relevance of information technology for the organization. The company attracts huge numbers of customers through online advertisements proving the need to tighten any loopholes on security of information to avoid any possible breach of security on the important information of the company. Richman therefore invests highly on the management of information security among them being encryption key management, mantraps and malware detection. The fashion industry is volatile and the stiff competition from other players in the fashion industry, therefore, proves the need to maintain the confidentiality, availability and integrity of any information technology systems and any business data at Richman. To ensure security of information, Richman employs a dedicated security group to aid in the maintenance and implementation of the information security program of the organization.

Solutions to Information Security

There are various solutions to information security management that Richman employs in the running of its businesses. The first solution is the Unified Threat Management (UTM). UTM greatly helps in running of various devices side by side thereby protecting against individual threats. The UTM also has the ability to handle different types of network security scenarios and which combat any threat to information at Richman. Some of the advantages of UTM are that it is composed of less hardware, has a lower expense in its operation, the management is simple and simpler patch management. However, some of the disadvantages of the system are that it has a single point of failure, a characteristic vendor lock-in, and the difficulty of management in large scale environments and the limited set of features. The second solution to information security that Richman employs is Identity and Access Management which greatly helps in filling the loopholes by the Active Directory and helps in improving the efficiency of the of the information technology shop. In a more general sense, the Identity and Access Management helps in improving self-service, automation, policy enforcement and reporting and auditing in the organization.

The third solution to improvement of information security is the Next-Generation Firewall (NGFW). The NGFW greatly helps in enhancing information security through various features among them being application awareness, stately inspection, identity awareness (User and Group Control), Integrated Intrusion Protection System (IPS), Bridged and Routed Modes and it also has the ability to accept external intelligence sources. Moreover, the other solution towards the improvement of information security is the endpoint protection and thus greatly helps in closing all security exploits from unauthorized personnel. Endpoint protection gets a boost by the application of the antivirus and antimalware software. Antivirus has undergone various stages of evolution due to the development computer viruses in the modern society hence the need to develop higher level antivirus and anti-malware categories. This ensures that in addition to protecting information from viruses and malware, protection against worms, Trojans, phishing among other threats is also improved.

Access Controls

Access controls are the techniques that help in regulating who and what can view the information in a computing system or a computing environment. The two main access controls that Richman employ are the physical and logical. Physical access control limits access to buildings, physical IT assets and rooms while the logical access control limits computer connections to system files, networks and data. However, the four main categories that Richman employs in its operations are the mandatory access control, discretionary access control, role-based access control and rule-based access control. The combination of the four access controls greatly help in ensuring that there is the proper authorization, access approval, accountability, identification, and authentication of entities. Such security measures are possible through the provision of login security checks in order to access information from various the computing hardware and software in the organization. Such security check require that in order to access the company information, one must provide personal information among them passwords and personal identification numbers (PINs) and undergo biometric scans and provide electronic otherwise physical keys before getting access to the information that they require.

Policies, Standards and Procedures for Information Security

The information security policies, standards and procedures greatly help in the provision of the required support for the security professionals at Richman. The standards and procedures also give the security professionals the opportunity to reduce the risks that might affect the business and reduces the occurrences of internal and external threats. The information security policies, standards and procedures at Richman are as short as possible making it possible for the large number of employees to understand and uphold the information security guidelines. Besides, the policies are tailored to the employees and specific to the lifestyles and educational level of the employees to ensure that they perfectly fit the workforce. Moreover, the information security is aligned to the business and the legislation and the regulatory frameworks within which Richman operates.

The information security standards, policies and procedures therefore clearly outline the document control of the relevant information at the organization, define the location of the document, provide avenues through which history of any information stored can be revised and gives an opportunity for approving the required information at the organization. Distribution of information is also stipulated through a well-orchestrated means making it possible to ensure that only the suitable parties can manage the information of the organization. Finally, the information security policies, standards and procedures define the responsibility of every professional in the organization.

The information age comes with various complications and it is the onus of firms to develop suitable ways through which they can manage information to make maximum use of information available in the organization. Improper management of information would result to various consequences to the organizations and might lead to premature closure in extreme cases. The information security professional should therefore put great interest in the management of information and ensure that access to company information is restricted personnel to avoid any challenges and ensure that there is fulfillment of organizational goals.

Bibliography

Peltier, Thomas R. Information security fundamentals. CRC Press, 2013.

Whitman, Michael, and Herbert Mattord. Management of information security. Nelson Education, 2013.

Crossler, Robert E., Allen C. Johnston, Paul Benjamin Lowry, Qing Hu, Merrill Warkentin, and Richard Baskerville. "Future directions for behavioral information security research." computers & security 32 (2013): 90-101.

Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for information security management." (2013).

Have the same topic and dont`t know what to write?
We can write a custom paper on any topic you need.

Request Removal

If you are the original author of this essay and no longer wish to have it published on the SuperbGrade website, please click below to request its removal: