This website uses cookies to ensure you have the best experience. Learn more

Controls To Diminish Information Security Risks

2320 words - 9 pages

Controls to Diminish IS Risks
An assortment of hardware and software is required to build the recommended infrastructure. A managed security service provider (MSSP) administers the hardware and software components (Bass, 2013). The MSSP has the duty to preserve the security infrastructure and monitor it for any relevant occurrences. Every portion of the security hardware executes an indispensable function intended to diminish the risk to the company. The security components establish technical controls that are valuable in tackling identifiable threats to the infrastructure (Bass, 2013).
Firewalls
Firewall access control lists (ACL) labor as a role of the network firewall (Cisco, n.d.). From a practical viewpoint, the firewall establishes a periphery between the public internet and the company’s internal private network (Cisco, n.d.). The firewall safeguards the internal private network with address translation and masks the internal private internet protocol (IP) addresses (Cisco, n.d.). Masking the internal network restricts a hacker’s capacity to ascertain the architecture of the internal private network (Cisco, n.d.). Furthermore, address translation aids in diminishing the quantity of finite public IP address demanded by the company (Bass, 2013). ACLs permit expressly authorized data packets to traverse between the internet and the company’s private network (Cisco, n.d.). Therefore, the firewall handles each packet moving in and out of the company’s internal network and employs the rules defined by the ACL (Cisco, n.d.). On the other hand, if the firewall does not have an ACL rule allowing the traffic, then the firewall releases the information (Bass, 2013). WAFs also operate with network firewalls and ACLs, but safeguard web applications from database injection attacks (SQL injections), cross-site-scripting (XSS), and cross-site-request-forgery (CSRF) attacks (Imperva, n.d.). Appropriately, firewalls, ACLs and WAFs aid in diminishing security risks by defending the company from undesired network communications and safeguarding internal IP addresses (Bass, 2013).
Intrusion Prevention (IP) / Detection Systems (DS)
IP/DS operate with network firewalls and ACLs. Normally, the IP/DS sensor inspects information packets as they pass through the network firewall and enter the company’s internal network (AlienVault, n.d.). The IP/DS evaluates each detected data packet and compares it against a signature library of established malicious traffic (AlienVault, n.d.). The architecture of an IDS/IPS is depicted in (Figure 3). The IDS/IPS blocks the malicious traffic from entering the internal network. If the IP/DS detects a match between a malicious signature and the monitored network packet, it generates an alert in the SIEM for examination by the analytical team (AlienVault, n.d.).

Figure 3. Intrusion Detection (DataComm, 2014)
Additionally, if the prevention system is operational, the firewall dynamically blocks the data...

Find Another Essay On Controls to Diminish Information Security Risks

The National Security Agency and its Access to Private Information

2417 words - 10 pages school dropout, fairly easily was able to collect very sensitive information. The NSA’s security has been breached once. It is very possible that it could be breached again (Edward Snowden.)   In a recent speech by President Barak Obama in defense Prism, he gave a short history of the NSA. From the time of “The Sons of Liberty,” there has been some form of surveillance in United States. The President stated, “Throughout American history, intelligence

Information Security: Introduction to Research Paper Regarding e-government Security Weakness

535 words - 3 pages citizens and businesses (Tat‐Kei Ho, 2002). The concept of an e-government is to provide access to government services anywhere at any time over open networks. E-government can be defined as government use of information technologies in order to communicate externally in the public sector (with citizens and businesses) and internally (with other government departments) (Ebrahim & Irani, 2005). The term ‘Security’ generally refers to the protection

Computer Security, Defines encryption and explain how it is used to protect transmission of information

886 words - 4 pages computer, minicomputer, microcomputers or some combinations?Ø What information technologies might be useful for this application?Some of the security issues, are consist of the level of security required and the cost involved in this conversion. A database system is vulnerable to criminal attack at many levels. Typically, it is the end user rather the programmer who is often (but not always) guilty of the simple misuse of applications. Thus

What works best in terms of translating statistical data on health risks into information patients can use to make informed decisions about treatment or non-treatment?

1269 words - 5 pages , maximising trust. Credibility of the information source is vital to ensure that a message is accepted by the recipient. Although there are often uncertainties in risks in most diseases, by acknowledging them and accepting patients' decisions, doctors will enhance their role and respect from patients (Edwards et al., 2002).[Tutor's comment: 65% Nice essay with excellent use of examples to illustrate concepts. Ideas are clearly explained and supported

INTERAL CONTROL AND RISK EVALUATION

942 words - 4 pages , misdirected, and could cause damage to the combativeness of the organization. Internal Risks and Controls In the society today many hackers are known to have both external and internal risks that can ruin an organization security systems. Therefore, the collection of data is critical to establishing virtuous security controls for external and internal that ensure complete secure transactions, verification of the data is valid, and free from errors

Security Management Models for Information Systems

1014 words - 4 pages emulation and adoption” (Mattord & Whitman, 2010). If we analyze security management within the context of access controls we find that access controls are needed to regulate “the admission of users into trusted areas of the organization. Access controls in security management are needed to restrict different levels of access to things like assets, information and other resources of information systems infrastructure. If we analyze security management

Business Intelligence Plan

2080 words - 8 pages Introduction The objective of this Business Intelligence (BI) plan is to encourage outsourcing and offshoring information security (IS) pursuits. The plan provides guidelines for successful implementation of IS systems intended to diminish security risks. The anticipated audiences of this BI plan are chief information officers (CIO) and chief information security officers (CISO). Senior management has an obligation to streamline information

assignment eight

1948 words - 8 pages augment earnings has further propelled them to investigate numerous strategies to diminish the expenditures of IT to the overall outlay of goods and services they offer. Such strategies comprise offshoring, offshore outsourcing, nearshoring and coshoring all intended to diminish the IT expense of the organization. The assignment research objectives were to (a) analyze information security risks associated with legacy systems; (b) evaluate the

Security in the Business Environment

1919 words - 8 pages security required to protect this data. • Identifying and documenting business-focused security rules. • Identifying security issues and managing identified risks. • Responding to security incidents. This SMF provides detailed information on the strategic and tactical processes that security managers must consider when developing an ongoing security management program. Security Administrators Security administrators are responsible

Security in Healthcare: How Bring Your Own Device (BYOD) violates Health Insurance Portability and Accountability Act (HIPAA)

1209 words - 5 pages may lead to breach of information thus diminish of confidential element of health records. Storing health records of patients in an individual device is not only prone to being lost but also easily available o rendering and manipulation of provided information in the device due to lack of control ("BYOD Risks & Rewards" para. 1). Wrong Transfer of Information Beaver and Herold (9) specify that BOYD policy is subject to mistakenly information

Information Technology and The Auditing Professional: The Statements of Auditing Standards No. 109

924 words - 4 pages should not solely rely on information provided by IT since the use of IT also has its limitations and can represent a threat to internal controls such as with “inappropriate manual intervention”. It is important to reinforce that auditors should be very careful when analyzing information generated by information technologies as it may not always be accurate. Auditors should also assess management’s focus on handling any “security risks” and

Similar Essays

My Paper Discusses How Applied Information Management Systems Have A Variety Of Risks And The Different Types Of Security You Can Get

2007 words - 8 pages someone who is a "good listener and assuming a friendly, unthreatening air - to trick others into revealing private information" (78). However, there are ways to prevent these threats by using biometric security measures, nonbiometric security measures, physical security measures, access controls, virtual private networks, data encryption, E-commerce transaction security measures, and computer emergency response team. Biometric security measures

Biometrics Introduction To Information Systems Security

622 words - 2 pages system has its own set of security risks. Location, how critical data is and numbers of users are some of the factors which are taken into consideration when implementing a biometric system.Biometric speed varies from application to application. It depends on the hardware and software. It is also dependant on the user training and application in the environment. Finally human involvement is an important factor in some cases to make the final

Risks And Potential Impact Relating To Security, Auditing And Disaster Recovery

600 words - 2 pages will be on file with the insurance company and at an offsite location. System backups are also secured at an offsite location. Additionally, approaches to the elimination and minimization of the risks are suggested.Risk rating is as follows: 5 - Very High Risk; 4 - High Risk; 3 - Medium Risk; 2 - Low Risk; 1 - Very Low RiskTABLE 1 - SECURITY RISK ASSESSMENTAssets &FunctionsWeightHuman ErrorViruses, WormsTheft of Property / InformationHackers

The Risks That International Works Present To The United Arabic Emirates (Uae) Nationwide Security

2267 words - 10 pages This thesis will deal with the risk that international workers presents to UAE nationwide security. Moreover, this thesis will talk about the problems of the government due to of immigration employees and the need for UAE to recommend techniques for dealing with these problems and risks while reducing the effect on UAE citizens and their way of life. Also this article will display the features offered to immigrants by UAE government enhancing to