Controls To Diminish Information Security Risks

2320 words - 9 pages

Controls to Diminish IS Risks
An assortment of hardware and software is required to build the recommended infrastructure. A managed security service provider (MSSP) administers the hardware and software components (Bass, 2013). The MSSP has the duty to preserve the security infrastructure and monitor it for any relevant occurrences. Every portion of the security hardware executes an indispensable function intended to diminish the risk to the company. The security components establish technical controls that are valuable in tackling identifiable threats to the infrastructure (Bass, 2013).
Firewall access control lists (ACL) labor as a role of the network firewall (Cisco, n.d.). From a practical viewpoint, the firewall establishes a periphery between the public internet and the company’s internal private network (Cisco, n.d.). The firewall safeguards the internal private network with address translation and masks the internal private internet protocol (IP) addresses (Cisco, n.d.). Masking the internal network restricts a hacker’s capacity to ascertain the architecture of the internal private network (Cisco, n.d.). Furthermore, address translation aids in diminishing the quantity of finite public IP address demanded by the company (Bass, 2013). ACLs permit expressly authorized data packets to traverse between the internet and the company’s private network (Cisco, n.d.). Therefore, the firewall handles each packet moving in and out of the company’s internal network and employs the rules defined by the ACL (Cisco, n.d.). On the other hand, if the firewall does not have an ACL rule allowing the traffic, then the firewall releases the information (Bass, 2013). WAFs also operate with network firewalls and ACLs, but safeguard web applications from database injection attacks (SQL injections), cross-site-scripting (XSS), and cross-site-request-forgery (CSRF) attacks (Imperva, n.d.). Appropriately, firewalls, ACLs and WAFs aid in diminishing security risks by defending the company from undesired network communications and safeguarding internal IP addresses (Bass, 2013).
Intrusion Prevention (IP) / Detection Systems (DS)
IP/DS operate with network firewalls and ACLs. Normally, the IP/DS sensor inspects information packets as they pass through the network firewall and enter the company’s internal network (AlienVault, n.d.). The IP/DS evaluates each detected data packet and compares it against a signature library of established malicious traffic (AlienVault, n.d.). The architecture of an IDS/IPS is depicted in (Figure 3). The IDS/IPS blocks the malicious traffic from entering the internal network. If the IP/DS detects a match between a malicious signature and the monitored network packet, it generates an alert in the SIEM for examination by the analytical team (AlienVault, n.d.).

Figure 3. Intrusion Detection (DataComm, 2014)
Additionally, if the prevention system is operational, the firewall dynamically blocks the data...

Find Another Essay On Controls to Diminish Information Security Risks

What works best in terms of translating statistical data on health risks into information patients can use to make informed decisions about treatment or non-treatment?

1269 words - 5 pages , maximising trust. Credibility of the information source is vital to ensure that a message is accepted by the recipient. Although there are often uncertainties in risks in most diseases, by acknowledging them and accepting patients' decisions, doctors will enhance their role and respect from patients (Edwards et al., 2002).[Tutor's comment: 65% Nice essay with excellent use of examples to illustrate concepts. Ideas are clearly explained and supported


942 words - 4 pages , misdirected, and could cause damage to the combativeness of the organization. Internal Risks and Controls In the society today many hackers are known to have both external and internal risks that can ruin an organization security systems. Therefore, the collection of data is critical to establishing virtuous security controls for external and internal that ensure complete secure transactions, verification of the data is valid, and free from errors

Security Management Models for Information Systems

1014 words - 4 pages emulation and adoption” (Mattord & Whitman, 2010). If we analyze security management within the context of access controls we find that access controls are needed to regulate “the admission of users into trusted areas of the organization. Access controls in security management are needed to restrict different levels of access to things like assets, information and other resources of information systems infrastructure. If we analyze security management

Business Intelligence Plan

2080 words - 8 pages Introduction The objective of this Business Intelligence (BI) plan is to encourage outsourcing and offshoring information security (IS) pursuits. The plan provides guidelines for successful implementation of IS systems intended to diminish security risks. The anticipated audiences of this BI plan are chief information officers (CIO) and chief information security officers (CISO). Senior management has an obligation to streamline information

Security in the Business Environment

1919 words - 8 pages security required to protect this data. • Identifying and documenting business-focused security rules. • Identifying security issues and managing identified risks. • Responding to security incidents. This SMF provides detailed information on the strategic and tactical processes that security managers must consider when developing an ongoing security management program. Security Administrators Security administrators are responsible

Information Technology and The Auditing Professional: The Statements of Auditing Standards No. 109

924 words - 4 pages should not solely rely on information provided by IT since the use of IT also has its limitations and can represent a threat to internal controls such as with “inappropriate manual intervention”. It is important to reinforce that auditors should be very careful when analyzing information generated by information technologies as it may not always be accurate. Auditors should also assess management’s focus on handling any “security risks” and

An Evaluation of Security Acts and Models

1936 words - 8 pages the midst of ever more prevalent and expansive impact of recent breaches, this author opines is so pertinent to addressing because the risks to an individual’s right to privacy cannot be understated. Jones (2007) exceptionally states the significance of these guiding principles: Organisations need to deal with (treat) the management of information security risks in a manner that gives confidence to all parties that are involved. Risk management

Information Technology – Structure of Data

1139 words - 5 pages implementation of wireless communications networks and use of wireless devices. Each new development will present new security risks, which must be addressed to ensure that critical assets remain protected. Actions that organizations should take to protect the confidentiality, integrity, and availability of all systems and information include: assessing risks, testing and evaluating system security controls for wireless networks more frequently than for

Accounting Systems

1975 words - 8 pages hardware is not only important to the processing of the information but is also a valuable fixed asset for the company. Therefore controls for the protection of the hardware must be put into place. Computer hardware must be placed in a secure area where the access to it is limited only to those who need to use it. Certain levels of security must me maintained e.g. only the systems administrator can have access to the CPU and storage systems. The

The Microsoft Baseline Analyzer

1175 words - 5 pages performed scans for missing patches, missing/weak passwords, and assess the holistic security status to determine any associated potential risks to the computer. MBSA utilized the Microsoft update catalog and determined which security updates required updating, provided a report on specific system information, and performed Windows Security and Desktop Application Scans to report any further administrative vulnerabilities. The resulting security

Vulnerability assessment of the company system and recommendations on measures to mitigate or eliminate potential risks

1339 words - 6 pages 3. REPORT OF IDENTIFIED RISKS 3.1 Identification of risks in the system and/or security vulnerabilities Risks or security vulnerabilities identified in Dynamic company systems include: 3.1.1 Physical location of web servers is easily accessible by employees The company has insufficient physical controls protecting equipment as the location of web servers are easily accessible by employees. According to Landoll (2011:312) humans pose a

Similar Essays

My Paper Discusses How Applied Information Management Systems Have A Variety Of Risks And The Different Types Of Security You Can Get.

2007 words - 8 pages someone who is a "good listener and assuming a friendly, unthreatening air - to trick others into revealing private information" (78). However, there are ways to prevent these threats by using biometric security measures, nonbiometric security measures, physical security measures, access controls, virtual private networks, data encryption, E-commerce transaction security measures, and computer emergency response team. Biometric security measures

Biometrics Introduction To Information Systems Security

622 words - 2 pages system has its own set of security risks. Location, how critical data is and numbers of users are some of the factors which are taken into consideration when implementing a biometric system.Biometric speed varies from application to application. It depends on the hardware and software. It is also dependant on the user training and application in the environment. Finally human involvement is an important factor in some cases to make the final

Risks And Potential Impact Relating To Security, Auditing And Disaster Recovery

600 words - 2 pages will be on file with the insurance company and at an offsite location. System backups are also secured at an offsite location. Additionally, approaches to the elimination and minimization of the risks are suggested.Risk rating is as follows: 5 - Very High Risk; 4 - High Risk; 3 - Medium Risk; 2 - Low Risk; 1 - Very Low RiskTABLE 1 - SECURITY RISK ASSESSMENTAssets &FunctionsWeightHuman ErrorViruses, WormsTheft of Property / InformationHackers

Computer Security, Defines Encryption And Explain How It Is Used To Protect Transmission Of Information

886 words - 4 pages computer, minicomputer, microcomputers or some combinations?Ø What information technologies might be useful for this application?Some of the security issues, are consist of the level of security required and the cost involved in this conversion. A database system is vulnerable to criminal attack at many levels. Typically, it is the end user rather the programmer who is often (but not always) guilty of the simple misuse of applications. Thus