Bus 2202 Unit 7 Information Security Case Study
BUS 2202 Unit 7: Internet Trust, Security, and Privacy
UNIT 7: Information Security
UNIVERSITY OF THE PEOPLE UNIT 7: Information Security
In the textbook, it explains about three areas of accountabilities. They are Enterprise Security, Information Security, and Information Technology Security (Gelbstein, 2013). These securities are to protect information which is the assets of a company. A company must always comply with the laws and regulations, or even to the social norms relating to information security, and they should consider protection of the information as their duty. To maintain its information security, adopting appropriate control is needed. Here I will investigate the details of the three main areas of accountability …show more content…
Building Management: Some companies implement protection by installing the detection sensors, position sensors or cameras outside and inside the building to reduce the blind spot. Awareness of such devices could prevent an intrusion. It is also important to have internal rules and regulations such as the use of the personal device, or retired person’s PC with data, backup data, and synchronization to the cloud may need to be deleted to maintain the security level. By outsourcing to the security company, they could secure the building after-hours.
Access Control: Physically limiting access to the area is a simple and effective way to protect. Devices like key pads, locking device, biometrics readers are some options that company could apply (MSTech Solutions, 2017). Inappropriate control is the key factor of information leakage and limiting access is effective protection method.
e.g. At my workplace, cleaning personnel has access to most of the room except for Information Technology (IT) room, where all access to the control system is located. This room is locked by a key pad.
Information …show more content…
At my workplace, e-mail from Outlook and browsing history are monitored.
Summary Managing information security needs to have an overall balance. It cannot be just prevention, but it also needs to have detection function to review if prevention properly worked. Furthermore, detecting security incident must respond with a countermeasure to reduce damages. Cyberattack is diversifying and they operate with the aim to obtain information. It will be cost-effective and good management for a company to take the appropriate action of reinforcing IT security.
References:
Gelbstein, E. (2013). Information security for non-technical. bookboon.com.
MSTech Solutions. (2017). Enterprise Physical Security. Retrieved 3 22, 2018, from MSTech Solutions: http://www.mstech-solutions.com/enterprise-physical-security-2/
MSTech Solutions. (2017). IT Security Services. Retrieved 3 22, 2018, from MSTech Solutions: http://www.mstech-solutions.com/it-security-services-2/
Olavsrud, T. (2017, 11 20). 5 information security threats that will dominate 2018. Retrieved 3 22, 2018, from CIO from IDG:
UNIT 7: Information Security
UNIVERSITY OF THE PEOPLE UNIT 7: Information Security
In the textbook, it explains about three areas of accountabilities. They are Enterprise Security, Information Security, and Information Technology Security (Gelbstein, 2013). These securities are to protect information which is the assets of a company. A company must always comply with the laws and regulations, or even to the social norms relating to information security, and they should consider protection of the information as their duty. To maintain its information security, adopting appropriate control is needed. Here I will investigate the details of the three main areas of accountability …show more content…
Building Management: Some companies implement protection by installing the detection sensors, position sensors or cameras outside and inside the building to reduce the blind spot. Awareness of such devices could prevent an intrusion. It is also important to have internal rules and regulations such as the use of the personal device, or retired person’s PC with data, backup data, and synchronization to the cloud may need to be deleted to maintain the security level. By outsourcing to the security company, they could secure the building after-hours.
Access Control: Physically limiting access to the area is a simple and effective way to protect. Devices like key pads, locking device, biometrics readers are some options that company could apply (MSTech Solutions, 2017). Inappropriate control is the key factor of information leakage and limiting access is effective protection method.
e.g. At my workplace, cleaning personnel has access to most of the room except for Information Technology (IT) room, where all access to the control system is located. This room is locked by a key pad.
Information …show more content…
At my workplace, e-mail from Outlook and browsing history are monitored.
Summary Managing information security needs to have an overall balance. It cannot be just prevention, but it also needs to have detection function to review if prevention properly worked. Furthermore, detecting security incident must respond with a countermeasure to reduce damages. Cyberattack is diversifying and they operate with the aim to obtain information. It will be cost-effective and good management for a company to take the appropriate action of reinforcing IT security.
References:
Gelbstein, E. (2013). Information security for non-technical. bookboon.com.
MSTech Solutions. (2017). Enterprise Physical Security. Retrieved 3 22, 2018, from MSTech Solutions: http://www.mstech-solutions.com/enterprise-physical-security-2/
MSTech Solutions. (2017). IT Security Services. Retrieved 3 22, 2018, from MSTech Solutions: http://www.mstech-solutions.com/it-security-services-2/
Olavsrud, T. (2017, 11 20). 5 information security threats that will dominate 2018. Retrieved 3 22, 2018, from CIO from IDG: