Michael Thompson
BSA/310
October 25, 2013
Jack Davis
Control Types
In business, information security is a set of policies to protect a company's or small business's infrastructure, physical assets, and information technology assets, and to ensure that information technology users within the organization's domain comply with the rules and guidelines for the security of information stored digitally on any network within its boundaries of authority. In short, it can protect data from outside and even inside threats. The data and information that companies and small businesses hold are arguably their most important assets. They should ensure the confidentiality, integrity, availability, non-repudiation, authentication, and authorization of that data. Most small businesses and companies must have information security to protect their business and information assets. Information security protects data and controls how it is distributed within or outside the business's boundaries. This means that information should be encrypted and may have restrictions placed on its distribution to third parties. Information security should protect the data from outside threats such as:
| Threats | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Denial of Service Attack | Low | Medium | High |
| Power Supply Failure | Low | Low | High |
| Malicious Code Infection | High | High | High |
| Theft and Fraud | High | Medium | High |
| Website Intrusion | High | High | High |
| Unauthorized Data Access | High | High | Low |

Small businesses and companies should address these security holes and threats, and doing so need not be a complicated or costly process. Small businesses and companies need information security for the following reasons:
-If this is compromised, the company's reputation is at stake.
-The company may lose millions or even billions of dollars, and its reputation will be lost. Clients