IS 577: Case Studies in IT Security Mgmt. and Ethics
Introduction
Although security is gradually improving with the customization of web applications, many project managers, implementation partners, and IT developers are still unaware of vulnerabilities that can expose sensitive institutional data, cause data loss, or degrade data quality. Combining security with the Software Development Life Cycle sometimes requires additional practical training, an overview of existing practices, and possibly a transformational change. An organization-wide focus is required, in which every employee and contractor participating in software development makes a collective effort and takes moral responsibility for deploying code and securing web applications. If sponsored from the top management level, the organization would be able to secure its code and applications.
Corporate Ethics and Responsibility
Corporate ethics and uniformity are two things that need to be sustained.
The moral code of ethics and conduct defines the performance indicators, compliance training, accounts auditing, and business reporting guidelines across five areas of responsibility.
Four main Ethical Concerns in IT Security
Security: With the rise of the internet, intruders have found it easy to break into any system as long as it is connected to the internet or a network. They can use the system's address to access it and steal data for various reasons.
Privacy Issues: While IT has enabled us to share and search for relevant information over the internet, it has also eroded privacy in various ways, such as through streaming webcams and social networks.
Copyright Infringement: IT has made it easy for users to access any information at any time. With the rise and development of content-sharing networks and photo-sharing sites, many original owners of these works are losing control over them, because IT users can easily gain access and share the data with friends. This is good news for downloaders because it is free, but the effort of the original creators is compromised. Recently, the federal government has closed a few file-sharing websites (Megaupload, FileSonic, etc.).
Digital divide: IT offers many opportunities, with new technologies and tools that have shaped many domains in developed countries; on the contrary, other countries have great difficulty enjoying the same benefits. In poorer countries, where education is a concern, most schools have old computers, so students are not aware of new IT innovations.
Principles of Ethics
• Provide a safe and healthy work environment
• Minimize adverse effects
• Maintain a compliant code management system
• Maintain ethical standards
• Maintain labor standards and apply human rights to workers
Implementation of Securing Applications
Steps to integrate into SDLC:
1: Create a formal document outlining secure application deployment.
• Describe the standards, best practices, and terms for the development and support of systems. This document should outline the roles and responsibilities and the approach for planning and management across the SDLC, and include templates for analysis of data privacy and retention.
2: Provide effective training to employees
• Any system would fail if the project managers, developers, and business users are not educated on security concerns and the laws pertaining to them.
3: Scope the security requirements at the initial stage
• How should personal/confidential data be protected?
• Are there any compliance requirements (HITECH, HIPAA, etc.)?
• How should log files be stored and secured?
• What is the data retention period?
• How will an IT security assessment be carried out in case of a breach?
4: Appoint an IT security officer
5: Frequent security checkups and mock drills
• Use code reviews that cover security and databases
• Have developers unit test the secured applications
• Automate scripts and security applications
6: Deployment
• Build separate sandboxes for production and test, and a further separate one for development.
7: Operations and Maintenance
• Step-by-step documentation for handling sensitive data
• Frequent and timely reviews
• Applying patches when available
8: Decommissioning of Applications and Databases
• Get a clear picture of the retention policy and compliance requirements.
Advantages:
Using an enterprise-based SDLC focused on application and IT security would minimize the risk of exposing confidential data.
Challenges and Conclusion:
Sustaining and standardizing a large SDLC process primarily focused on security is always a challenging task for enterprise-level companies. Urgent, high-priority tasks and projects often break the best practices and rules, leading to disappointing results. Moreover, regular review checkpoints can slow down application development, leaving customers unsatisfied with extended project timelines. Capturing the metrics that show how much risk is reduced by following SDLC best practices, together with continuous education of staff and top management support, is very important in meeting goals and objectives.