Preview

It244 the Principles and Policies of Information Security

Better Essays
Open Document
Open Document
841 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
It244 the Principles and Policies of Information Security
The Principles and Policies of Information Security Computer networks have allowed activity that none dreamed possible hundreds of years ago; however, millions of attempts to compromise the security of computer systems are made on a daily basis. Knowing and using the 12 principles of information security allows security professionals to mitigate most threats to data security. By understanding the different types of security policies, effective policies can be put into place that ensure better information security. What security professionals must find paramount is that 100% secured is impossible to achieve.
The 12 Principles Given enough time, a person with the right skills and proper tools can break through any lock. Relate this to a thief with a safe; eventually even a steel wall can be compromised. No matter what a person does to protect something, that protection only buys time until the security is ultimately breached (Merkow & Breithaupt, 2006). The second principle states that all information security policies try to address at least one of these principles: confidentiality, integrity, and availability. Suppose someone gains unauthorized access to sensitive data; already the confidentiality of the data is breached. Should the user have sufficient access, the data could be changed therefore ruining its integrity. This situation could arise through access permissions being set incorrectly (Merkow & Breithaupt, 2006). Principle three: defense in layers. Cybercriminals should always be forced to break through multiple safeguards if they are to gain access. Much like a medieval castle was built with bridges, walls, and inner walls to provide layers of defense, so too are today’s information security systems (Merkow & Breithaupt, 2006). Principle four: people will always make poor security decisions if they are not educated to avoid such behavior. We hear so much about the dangers of opening email attachments from people unfamiliar to us; however when

You May Also Find These Documents Helpful

  • Better Essays

    To properly secure an information system means protecting its files and other confidential information from misuse. The current speed of technological growth requires ever evolving security measures to follow these developments. As the members of Team “A” set out to address this need, it was necessary to discuss the requirements. The foundation of all concrete security plans require a detailed knowledge of all current systems, the tools needed to accomplish security needs and employee training. The implementation of these requirements will be outlined within a final Security Presentation.…

    • 2101 Words
    • 8 Pages
    Better Essays
  • Good Essays

    The purpose of this policy is to define standards for connecting to Richman Investments network from any host. These standards have been designed to minimize the potential exposure to Richman Investments from damages which may result from unauthorized use of Richman Investments resources. Damages include intellectual property, the loss of sensitive or company confidential data, damage to critical Richman Investments internal systems, damage to public image, etc.…

    • 438 Words
    • 2 Pages
    Good Essays
  • Good Essays

    This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…

    • 801 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    • Your summary should be written in a concise and clear manner that summarizes your policy for readers.…

    • 470 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    This paperwork of IT 244 Week 1 Individual Introduction to the Information Security Policy Appendix C comprises:…

    • 396 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    INF 325 Week 1: A Case Study

    • 2472 Words
    • 10 Pages

    Internet and network security are a primary concern for many businesses. In today 's world, the number of hacks and leaks of data is continuing to rise, which is what makes security the primary concern. What may or may not be apparent is that many breaches of data tend to be caused by internal users ' errors that may not even have been meant to be malicious. Liaskos and Sandy quote a study by Roman which revealed…

    • 2472 Words
    • 10 Pages
    Powerful Essays
  • Good Essays

    NT2580 Project part 1

    • 606 Words
    • 3 Pages

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Cmgt400 Week3

    • 1493 Words
    • 6 Pages

    References: 1. (2010). Principles of Computer Security: CompTIA Security+ and Beyond (2nd ed.). : McGraw-Hill.…

    • 1493 Words
    • 6 Pages
    Better Essays
  • Good Essays

    Never allow any type of attack, successful or otherwise to go undocumented or wasted. “If you experience an attack, learn from it,” For example, let us analyze an information security breach case of a financial corporation that caught an employee trying to steal very private company trading algorithms. Accountability and authenticity must immediately be exercised to ensure…

    • 639 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    NT2580

    • 1232 Words
    • 14 Pages

    Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts  Confidentiality, integrity, and availability (CIA) concepts  Layered security solutions implemented for the seven domains of a typical IT infrastructure …

    • 1232 Words
    • 14 Pages
    Satisfactory Essays
  • Satisfactory Essays

    NT2580

    • 526 Words
    • 5 Pages

    Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts  Attacks, threats, and vulnerabilities in a typical IT infrastructure …

    • 526 Words
    • 5 Pages
    Satisfactory Essays
  • Better Essays

    In the 21st century, a business without a network mirrors a city with no roads. Small businesses, in particular, arguably have a greater need for network connections and information systems. Small businesses rely on information systems for several things, to include their communication and customer database.…

    • 1348 Words
    • 6 Pages
    Better Essays
  • Better Essays

    Anti-Virus Software

    • 974 Words
    • 4 Pages

    Leung, Linda, (November 10, 2004) “Security: End users are your first line of defense” Computerworld…

    • 974 Words
    • 4 Pages
    Better Essays
  • Better Essays

    Threat= person/ organization that seek to obtain or alter data/ assets illegally, without the owner’s permission (often without owner’s knowledge).…

    • 980 Words
    • 4 Pages
    Better Essays
  • Good Essays

    Pakistan Day

    • 1941 Words
    • 8 Pages

    Pakistan dayIndependence Day (Urdu: یوم آزادی; Yaum-e Āzādī), observed annually on August 14, is a national holiday in Pakistan, commemorating the day when Pakistan achieved independence and was declared a sovereign nation, following the end of the British Raj in 1947. Pakistan came into existence as a result of the Pakistan Movement; the Pakistan Movement aimed for creation of an independent Muslim state by division of the north-western region of the South Asia and was led by All-India Muslim League under the leadership of Muhammad Ali Jinnah. The event was brought forth by the Indian Independence Act 1947 in which the British Indian Empire was divided into two new countries—the Dominion of India (later the Republic of India) and the Dominion of Pakistan (later the Islamic Republic of Pakistan) which included the West Pakistan (present Pakistan) and East Pakistan (now Bangladesh).…

    • 1941 Words
    • 8 Pages
    Good Essays