Activities for Systems SecurityActivity 1: a, b, and c. The advancement in the field of information Technology has completely liberalized the way people communicate. Companies, organizations, and institutions of higher learning are among the largest beneficiaries of this technology change. In this regard, there is insatiable demand for both the computer-related equipment and the basic internet infrastructure. As a consequence, a number of issues with respect computer and data/information security are becoming imminent coupled by the efficiency of these IT resources. It is therefore worth to note that computer systems security controls are important in today’s world of computing.
In the context of the provided case in this study, two X-Window computers, four PCs, and one Macintosh computer are provided to a group of thirty Full Time Postgraduate Students. In terms of proportionality, these resources are in short supply as well as exclusively in public domain. As earlier mentioned, the security IT security issues of concern revolves around three main areas; physical, human, and electronic. Physical security comes into focus as the computer equipment and other resources may be stolen by the staff, students, and/or other employees within the institution.
The human security related issues revolve around the possibility of information security being sabotaged by either the students, staff, and/or other technicians entrusted with custody or usage of such information. On the other hand, IT security form an electronic point of view relates to the probability of having remote malicious attacks being propagated by cyber criminals. In this regard, various information assets within the organization are a target of hackers; physical assets, human assets, and electronic assets. The physical assets are for instance the monitors, printers, flash discs, hard drives, CPU, network cables among others.
Subsequently, human assets include the students, staff, or technicians in particular from the IT department who are entrusted with the custody or usage of information stored in the organization’s IT resources. On the other hand, the electronic assets include the specific and general software installed in the computers as well as information/data stored in back-up drives. In addition, information across the network is also critical and should be protected alongside the other assets. Nevertheless, in order to institute proper Information/Computer security, it is important to be conversant with a number of common IT Security terminologies as explained below, Threats –these are probable sources of an incident attack that may bring about adverse changes to an information asset. Vulnerability –refers to the weakness of information assets in terms of controlling or preventing attack by a threat. Impact –refers to a measure of the effect of an event. Risk –it is the combination/integration of the likelihood of an event and its impact. Control –are ways of a managing risk, including procedures, policies, practices, guidelines, organizational structures or practices, which can be technical, administrative, legal, or management in nature.
In order for information security policies instituted by an institution to succeed, it is necessary to incorporate or liaise with all other relevant departments in the formulation of such policies. In particular, this should be done while drafting the business strategic plans. Besides, adoption of internationally recognized Information Security Standards for instance ISO 17799: 2005 Code of Practice for Information Security Management may come in handy.