Cis 333 Final Term Paper

Technical Project Paper: Information Systems Security
Information Systems Security
Haseeb Ahmed Khan
Mark O’Connell
CIS 333 Fundamentals of Information Security
March 12, 2012

Abstract
In today’s IT world, every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
The case we have been assigned today deals with physical and logical vulnerabilities and with protection against the risks and threats by applying the best controls to mitigate, avoid or transfer the risks. As the Information Security Officer at a newly opened location in a busy mall, I have been asked to identify physical and logical risks to the pharmacy operations and to suggest remedies to avoid any huge loss to the business. The pharmacy operations involve unique transactions that involve critical patient data, valuable medication and access to cash. The regulation set by the government obligates a pharmacy to meet certain standards to secure logical and physical access to information systems.
The pharmacy comprises 4 workstations, a drug storage area, and an office on the premises which has a file server, a domain controller and a firewall. Three of the four workstations are placed at the counter to record and retrieve information on customers’ orders. The entry to the store is from the mall, and the drug storage area is a securely locked location behind the front counters. The store has a back door entry which is used by the employees and for delivery of new drugs. As an IT officer I have to



