Importance Of Information Objective Planning Objectives (1)

School: Laikipia University

Course: 301
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 6
Uploaded by KidAlligatorPerson498

Importance Of Information Objective Planning Objectives

Student's Name
Institutional Affiliation
Course Code and Name
Instructor Name
Due Date

Introduction

Planning for information security has become crucial to corporate operations in the current digital era. Organizations rely on their information systems infrastructure to carry out crucial tasks, so protecting it is essential to maintaining data confidentiality, integrity, and availability. This paper presents techniques for protecting information systems infrastructure and highlights the need for comprehensive information security planning.

Importance of Information Security Planning

Planning for information security is essential for securing sensitive information, preserving business continuity, and defending against potential online attacks. Adequate security measures help stop unauthorized access, data breaches, and other security incidents. Financial loss, reputational damage, and legal implications are just some of the negative outcomes that can result from a security breach. Businesses must develop comprehensive information security procedures to protect their infrastructure from potential threats or attacks.

According to the National Academies Press, information security has three primary objectives: confidentiality, integrity, and availability. Confidentiality prevents sensitive data from being exposed to unauthorized parties. Integrity ensures that information is accurate and unaltered. Availability means that information is accessible and readily available to authorized users at all times. By putting the necessary security measures in place, information security planning seeks to accomplish these goals (Ursillo & Arnold, 2019).

Methodologies for Securing Information Systems Infrastructure

Information systems infrastructure must be secured using a comprehensive strategy that combines several security measures. The information systems infrastructure may be protected using the following approaches while maintaining the infrastructure's confidentiality, integrity, and availability:

1. Risk Assessment

Risk assessment is crucial in identifying potential security risks and threats to information systems infrastructure. It involves analyzing the current infrastructure, identifying potential threats and vulnerabilities, and assessing the impact of security incidents. The risk assessment process lets organizations prioritize their security activities and allocate resources efficiently.

One strategy for risk assessment is to use a risk management framework, which offers a systematic and organized procedure for discovering, evaluating, and managing risks. A well-known risk management system was created by the National Institute of Standards and Technology (NIST), and it consists of five steps: identify, protect, detect, respond, and recover. In the first stage, organizations identify the assets and systems they must secure and evaluate possible threats and vulnerabilities. In the second stage, organizations put protections in place for these assets and systems. Finding any potential security flaws is the third stage. Responding to security events comes in at step four, and repairing any harm is done at step five (Bibri et al., 2020).

Another method for risk assessment is a quantitative or qualitative risk analysis. Quantitative risk analysis assigns numerical values to the likelihood and potential consequences of a security breach, while qualitative risk analysis uses subjective judgments to analyze threats. Both methods can identify and rank possible security risks and threats.

2. Access Control

Access control is a security mechanism that limits access to confidential information and computer systems. It entails putting rules, processes, and technology in place to guarantee that
only those with the proper authorization may access sensitive data. Role-based access control, multi-factor authentication, and password policies are examples of access control measures. By restricting access to those permitted to see, edit, or delete the information, access control seeks to prevent the abuse, unauthorized modification, or disclosure of sensitive data (Bibri et al., 2020). This technique defines access controls and user rights and privileges. Access control policies can be implemented using encryption, authorization protocols like role-based access control, and authentication methods like passwords or biometric identifiers (Bourgeois & Bourgeois, 2014).

3. Encryption

Encryption is a method of converting plain text data into a coded format for security. Encryption may be used to safeguard data both while it is stored and while it is in transit. Algorithms are used to convert data into an incomprehensible format that only authorized parties can decrypt.

4. Firewall Protection

Firewall protection is a security feature that helps prevent unwanted access to the information systems infrastructure. Firewalls are devices used to protect a network by monitoring and blocking network traffic that does not conform to predetermined security criteria. They act as a barrier between a company's internal network and the internet to prevent unwanted access to the information systems infrastructure. By reviewing network traffic, firewalls may detect and stop possible security risks like malware, viruses, and other harmful software. Additionally, to lower the danger of illegal access to private data, firewalls may be set up to restrict access to particular programs or services, including email or file-sharing (Bibri et al., 2020). Implementing firewalls as part of an organization's overall information security planning strategy is a significant security measure that can aid in preventing unwanted access to the information systems infrastructure.

5. Patch Management

Patch management is the regular installation of updates and patches to address security flaws in the operating system, programs, and other software. Routine patch management protects the infrastructure against known vulnerabilities and attacks. Maintaining the security of an organization's information systems infrastructure requires effective patch management. Organizations may lessen the risk of cyberattacks and safeguard their private data by routinely applying updates and fixes. Furthermore, patch management ensures that businesses' software and systems are up to date with the most recent security features and industry best practices.

Conclusion

Overall, data must not be leaked, altered, or made inaccessible, which is why preparing for data protection is so essential. This paper describes a few methods that may be used to secure the infrastructure of an information system. To safeguard its infrastructure against potential threats and attacks, an organization can establish policies, procedures, and controls as part of a more comprehensive information security strategy. Businesses may use these strategies to protect their infrastructure and confidential information from being compromised.

References

Bibri, S. E., Krogstie, J., & Kärrholm, M. (2020). Compact city planning and development: Emerging practices and strategies for achieving sustainability goals. Developments in the built environment, 4, 100021. https://www.sciencedirect.com/science/article/pii/S266616592030017X

Bourgeois, D., & Bourgeois, D. T. (2014). Learning Objectives; Chapter 6: Information systems security – Information systems for business and beyond. Create OER with Pressbooks – Your partner in open publishing. https://pressbooks.pub/bus206/chapter/chapter-6-information-systems-security/

Ursillo, S., & Arnold, C. (2019). Cybersecurity Is Critical for All Organizations–Large and Small. 2019 International Federation of Accountants. https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-small