ITM 438 MOD 3 Case

School: Trident University International
Course: 438
Subject: Information Systems
Date: Jan 9, 2024
Uploaded by adrianaamore14

Importance of Information Security
Adriana M. Moreno
ITM 438 – Information Security Management and Assurance
Trident University International
Steve Gralewski
November 6, 2023

Importance of Information Security

Information security, or INFOSEC, is an important tool that is necessary for most organizations to function today. The purpose of having an INFOSEC plan in place is to secure information against unauthorized users and against a variety of threats, such as modification of information, unauthorized access, destruction of information or recording of said information. This information can be business related: information that companies keep pertaining to their infrastructure, or proprietary information. The information could also be personal in nature, such as personally identifiable information (PII) like dates of birth, social security numbers, etc. Another form of information that is often vulnerable is credit card or payment information, such as bank account numbers and passwords related to said accounts. With all of this information so prone to exploitation, one can see why information security is so important, especially in a world where technology is changing so rapidly, almost on a daily basis.

Not only are there measures within INFOSEC that try to counter these types of vulnerabilities, there are also ways to educate employees, private citizens and large organizations to be more aware of situations in an effort to counteract those attack attempts. Education is a large part of this effort; INFOSEC programs in larger companies and corporations include mandatory classes to ensure that employees are practicing proper security methods on their part. Maintaining information security means ensuring proper protocols are followed: encrypting emails if necessary, and not forwarding any information from within the company or corporation to outside parties or emails unless there is no security risk. These types of practices are often one of the first lines of defense when it comes to INFOSEC and maintaining that security.

Information Security vs. Technology

While information security and technology do go hand in hand, there are several major differences between the two, and one cannot effectively work without the other. As explained above, information security (INFOSEC) focuses on making sure that only authorized users have access to information within an organization or business: “INFOSEC involves the protection of information and information systems against unauthorized use. The field aims to provide availability, integrity and confidentiality” (Galarita, 2022). INFOSEC is also responsible for creating and implementing systems and policies within an organization that employees follow in order to protect the business, organization or customers.

The technology aspect of information security is more focused on cybersecurity, or the technology required to maintain the integrity of the information that needs to be protected. This technology-focused piece is defined as “protecting, preventing damage to and restoring electronic communications services and systems. This includes the information stored in these systems, which cybersecurity professionals work to protect” (Galarita, 2022). Being technology focused, it has everything to do with any kind of electronic system used to communicate or store information. It also breaks up into several subcategories, with specialized individuals who are qualified to work on cloud, network and critical infrastructure security (Galarita, 2022).

One of the most notable differences between INFOSEC and technology is that INFOSEC covers all types of information, not just the digital information that the technology aspect protects. This means that it covers any information within a business or organization, such as files, intellectual property, proprietary information, etc., that could be misused, modified or stolen.

These two systems overlap by using confidentiality, integrity and availability of information to try and develop security policies (Galarita, 2022). This is achieved by first ensuring that information is only accessible by authorized users. Second, by ensuring that the information has maintained its integrity; that it has not been compromised or tampered with in any way. Third and finally, by ensuring that said information is readily accessible; when you need it, it will be there.

Designing and Implementing an Information Security System

Designing an INFOSEC system really can depend on the needs of each specific business or organization. Essentially, most need to incorporate the same things in order to ensure information security and integrity. The first step is to have an INFOSEC team in place; this will be the team of individuals who understand the needs of the business or organization. They are in charge of “articulating the mission of the program, building and deploying security policies, limiting risks, and more” (Stronghold Data, 2022).

Next, one would need to take an inventory of any and all assets that are in need of protection because they contain valuable data. The team also needs to be aware of any hardware that can contain or store data and databases. These need to be properly accounted for in order to build a successful information security program.

The next step is to assess any areas of risk: what and where the vulnerabilities are within the business or organization, and what threats they may pose to the assets that are in need of protection. These risks can impact the business itself, as well as its clients and other entities that the business or organization uses or provides service for.

The next step is to manage the risks that have been identified by the information security team that was established at the beginning of the process. Once the risks have been identified, they need to be prioritized in order of precedence, based on the immediate or less immediate need to prevent said risk. Not all risks can be prevented; there are inevitable risks associated with INFOSEC plans, but determining which risks can or cannot be accepted is part of the security team's job.

Following managing risks is having a disaster recovery plan. Again, you cannot make any business or organization risk-proof, and now more than ever there are risks associated with the type of information and data at stake. These disasters can be technical or physical in nature, which is why education on information security has to encompass both types of potential security breaches.

Following this step is establishing security controls, which again can be physical or technical. This can involve encrypting data, deploying antivirus systems and firewalls, as well as having adequate physical security measures in place (Stronghold Data, 2022).

The last step is implementing security awareness training, which is a vital part of the security plan. Employers need to ensure their employees are properly trained in order to help prevent and possibly identify potential threats to the information that needs to be protected.

All of these steps are an integral part of protecting and maintaining information security and integrity. This job is not getting any easier as technology continues to grow in sophistication, which only makes the job of preparing for and defending against these attacks all the more important.

References

Galarita, B. (2022, November 8). Information security vs. cybersecurity: What’s the difference? Forbes. https://www.forbes.com/advisor/education/information-security-vs-cyber-security/

Stronghold Data. (2022, April 11). Implement a successful information security program. https://strongholddata.com/implement-a-successful-information-security-program/