Effect of effective security essay:
Information is regarded as a valuable commodity in any organization, whether it is printed or written. The way to avoid threats and risks to information is to manage it by establishing an information security management system (ISMS). Information security involves activities that relate to the protection of information assets from threats that would lead to the loss, disclosure, misuse or damage of the information (Kimberley 2004). An information management system therefore refers to the measures an organization employs to manage these risks sensibly.
Risks to the information assets can be analyzed in terms of the following issues:
- Risks to the organization's assets: unwanted events that could cause an accidental or deliberate loss, misuse or damage of assets.
- Vulnerabilities: how prone the asset is to attack.
- Impact: the magnitude of a likely loss.
A security device needs to have the following characteristics for people to use it widely:
Centralized administrative database
A distributed database management system is normally used to manage a distributed database. A centralized database has all the data in one place. It is completely different from a distributed database, which has data in different places (Thomas 2006). Since the data is in one place, problems are bound to occur, and data availability is not as efficient as in a distributed database. The main advantage of a centralized database is that its management is easier, since the data resides in the same place. The disadvantage of a centralized database is that bottlenecks occur. Monitoring of the data is done from one location, which reduces the risks that would affect an organization's information.
This is an example of an information system that has a centralized database. Here four clients share a common database that is centrally placed. If a given organization has a centralized database, all its data is stored in a single place such as a mainframe computer or a server. Users at remote locations can then access the data only via the Wide Area Network (WAN), using application programs. The mainframe or server must be able to satisfactorily handle the requests that come to the system, and this makes it prone to a bottleneck. On the other hand, because all data resides in the same place, it is very easy to maintain and back up. Additionally, it is much easier to maintain data integrity, since once data has been stored in a centralized database, the outdated copy is expunged from other places.
Mobility of information
Mobility refers to the ability to move between locations. Mobility of information, as the term suggests, refers to the ability of information to flow from one place to another with ease. A security device with this trait could be embraced by all people because it could serve their needs efficiently (Timothy 2006). Migration of this sort is normally performed when the point of origin has some undesirable quality, or because the destination has desirable features that could give rise to more opportunities than the source. Here, we will concentrate mainly on the mobility of computer systems, and information systems specifically. By this we mean the features that emerge in computer systems as a result of the use of mobile software or hardware. A feature could affect either the mobile elements, or the components of a system that includes a mobile component, or in some cases both.
In computer science, mobile units occur in both mobile software and hardware. Distributed systems bring several challenges of their own, because they require additional consideration compared to centralized systems. Information systems, in turn, have their own unique issues in computer science, such as consistency and the truncation support. Hence mobility in this sense has various effects that depend on the combination of different characteristics: the characteristics of a distributed information system that includes mobile hardware differ to some extent from those of a centralized system that is accessed by mobile agents, but the two also share a few commonalities.
Categorization of security levels
The security provided by a good security device ought to be configurable to different categories. Standards have been set for categorizing the security of information systems, with the objective of providing appropriate levels of information security according to the range of risk levels (Mark 2011). Guidelines are also developed to recommend which types of information systems are to be placed in each category. Minimum information security requirements, covering operational, management and technical security controls, are also considered so as to ensure that each category of information systems is adequate.
In organizations, these categories are meant to guard against any risk that could jeopardize their operations. They are therefore based on the potential effect on an institution should a given incident occur and jeopardize the information systems that the organization relies on to accomplish its assigned mission, fulfil its legal mandate, protect its assets, maintain its day-to-day operations and protect individuals. Security categories are therefore used together with vulnerability and threat information in assessing the risk that an organization could encounter through the operation of its security systems. Categorization of security is carried out under given standards, which provide a common framework and understanding for expressing security, which in turn promotes:
- Effective management and oversight of information security programs, including the coordination of information security across national security, homeland security, emergency preparedness and law enforcement.
- Consistent reporting, for example to the Office of Management and Budget or Congress, on the effectiveness of information security policies, practices and procedures.
Classification could be done in three levels as the table below indicates:
Personal information which could have highly sensitive information
Same as above but with medium levels of sensitivity
Same as above but with high sensitivity
Same as above but with low sensitivity
Same as above but with low sensitivity.
The table above merely sheds light on how categorization of data can be done. These levels result from the different sensitivity levels of data in an organization. Data could be of the same kind, for example personal information, and yet differ in the level assigned to it. For example, in the government, the personal information of members of the cabinet could be treated as highly sensitive, while that of junior employees in an organization is treated as less sensitive.
Real time response of a security device
This refers to the time taken to replace or fix a security device in case it is damaged or destroyed. Since information security is crucial in any organization, any risk occurrence should be attended to with the urgency it deserves so as to curb further damage or destruction (Thomas 2005). As organizations continue leveraging open connectivity in business communications with their clients, partners and employees, theft, intrusion and even malicious attacks are bound to happen, posing a constant threat to system integrity. In an effort to mitigate these risks within an open computing environment, organizations depend on security infrastructure such as firewalls and Intrusion Detection Systems (IDS) and other preventive measures. But the purchase and implementation of security devices alone cannot completely do away with the threats associated with openly accessible systems. In order to curb the risks associated with any information security system, an organization ought to constantly monitor, maintain and manage these devices, and enough resources must be in place to enable the organization to react to any suspicious activity.
Long lasting effect of a security device
If the security device is durable, it will be able to create stability and give people lasting comfort. This will also help a profit-making organization to make more profits since the costs associated with the purchasing or maintenance of the security device.
Expiration in security devices
A good security device needs to be made in such a way that once it expires it can be renewed. Renewable security devices spare the organization the costs it would incur in acquiring new security devices. Resources are also scarce, hence the importance of utilizing them effectively. Some security devices could pose a threat to the environment by polluting it, and there are also costs that could be incurred when disposing of them. These problems are avoided if the security devices are renewed.
A good security device can easily be transferred from one person to another for them to use. Transferability of the security device between persons enables an organization to utilize the device. This characteristic also supports mobility, because a security device that is not transferable cannot be mobile.
Multiplicity of security tool
A good security device can be termed excellent if just one device can be used to gain access to multiple devices. This is more effective because time is saved when only one device is involved in accessing several devices. A device with this trait could also help an organization cut back on the cost of employing more people to handle devices that lack the multiplicity trait, since one person cannot handle all of them. Multiplicity is therefore a desirable characteristic of a security device, since it makes an organization run smoothly.
There are two main issues that could arise as a result of multiplicity. Essentially, these issues emerge when there is no stable trust network. These are:
1. The risk of someone accessing unethical materials online by using your network, or even accessing your personal information via your local network.
2. The risk involved in having to trust the owner of the access point you connect to while at home. This may involve the stealing of sensitive passwords, such as those of a bank or online banking services.
To avoid these issues, an organization needs to maintain its networks properly, especially the Local Area Network (LAN). This is to ensure that intruders, or those intending to use the information wrongly, are kept at bay.
It is important that any organization takes sufficient care of its information systems by hiring appropriate employees who are competent at their work and by ensuring that data is monitored and managed effectively (Kimberly 2004). This will enable an organization to guard its assets properly, thus ensuring its success.