Information Security Map - Case Study Example

Your Name: Student Number: The unit code: Title: Assignment title: Due date; Title of your topic: Table of Contents Contents Contents 2 Concept Map 3 1.0Introduction 4 2.0 Scope: 4 3.0 Objective of the Information Security: 4 Explanation: 8 4.0 Recommendation 9 5.0 Conclusion 10 6.0 References: 11 Concept Map O 1.0 Introduction Information Security:-Means protecting information and information systems from unauthorized access, use of disclosure, disruption modification of destruction. 2.0 Scope: The scope of the work is to determine if Mr Jonah a Director of InnoSensors based in Perth, Western Australia. Has adhered to the objective of Information Security objectives i.e. the CIAN (Confidentiality, Integrity, Availability and Non Repudiation) 3.0 Objective of the Information Security: The objective of implementing the information security is to ensure that the resources or assets are protected from unauthorised while still ensuring that we still maintain confidentiality:-Protection against unauthorised disclosure of information, Integrity:-Ensuring that the information stored on computer system is never altered in any way that is not appropriate Availability:-Ensures that the information can be accessed by people who should access it when they need it. Threats:-Harm that can happen to an asset. Laptop-: physical theft, Since Mr Jonah occasionally leaves his laptop in the car Rogue Access point/Honey Pot :-Since Mr Jonah also frequently visits Internet cafes for lunch where he utilises the Internet for up to an hour each day he is susceptible Illegal leakage of information, worms, Virus attacks etc.; Lack of Firewall and Antivirus:-This is makes him susceptible to attack by the hackers and other threats that is he is exposed to. Database: Unauthorised access, theft copying of the sensitive information because he carries the sensitive information on his laptop, An attacker can use this opportunity to attack the laptop access the information steal it and sell it to rival competitor which can have catastrophic effect on the organization Mr.jonah is working for. Encryption or Authentication mechanisms: The data stored on Jonah’s laptop, Ipad smart phone is stored in a plain text i.e not encrypted, This information can be eavesdropped by hackers. Assets: This refers to a resource of Value that is when exploited or attacked can have a tremendous negative effect to the organization. Vulnerability: Likely hood of exploitation Walking around with unencrypted data on a laptop Lack of firewall Lack of antivirus Unpatched systems Lack of organization security concerning information security on sensitive data Susceptible to physical to physical damage of the asset(Laptop, pad or Smartphone) Mr Jonah can also be attacked Risk: Threat to an asset Data can be stolen and sold to the competition Laptop can be stolen Since his the laptop is not protected with a firewall, Antivirus or any third party software it is susceptible to worms, virus or hackers attack. After connecting to a public network and then connecting the same comprised laptop to the company network, can be a loophole for the attacker to use as platform for an attack. Incase of our Jonah the Director of InnoSensors based in Perth, Threats: Physical Theft: His laptop, pad or smartphone could be stolen with the vital information. Mechanical/Physical Damage: His laptop, pad or smartphone are susceptible to physical damage since Jonah is on a constant travel Port Scanning: Since Mr.Jonah connects to public wireless network any potential attacker can run port scanning software to identify any potential opened port for intrusion. Since Mr Jonah is using unpatched system, his system is susceptible to attack, he needs to update his system regularly with the latest patches from legitimate vendor (Kizza, 2001). Countermeasure: Carryout the risk analysis, which may involve: Identifying and assessment of the level of risk calculated from: Value of assets Threat to asset Vulnerability and likelihood of exploitation An agreed upon framework is:- To assess the risk a matrix can be used to evaluate threats and counter measure Explanation: In the case of Mr.Jonah, there are some threats that have high expectance and also high impact both to him and the organization that is he is working for. For instance While on the road, Jonah occasionally leaves his laptop in the car. This laptop can be stolen and also the impact is high since the laptop carries unencrypted client confidential business and financial information. The confidentiality of information is important as any disclosure could cause significant embarrassment to him and the company, as well as impact client privacy and confidence. Also, Jonah must provide correct, factual information to all clients hence ensuring the integrity of information is vital. Lastly, should any information not be available when needed, this may result in clients taking their business to the new to market competitor (Kizza, 2001). Looking closely at his action it means his action can be prevented him by being well Informed about information security although he uses computing technology to support his Job, not leave his laptop in the car unattended. A contingency plan can be employed by contacting the insurance company for his laptop to be insured in case his car is broken into or he is attacked by car jerker and his laptop stolen (William Stallings and Lawrie Brown, 2013). Another Countermeasure that can be employed by Mr Jonah includes: Installing the latest patches for his laptop to patch any vulnerability that an attack can use to gain access his system and steal or compromise his system or data. Installing antivirus software and ensuring that the antivirus software is up-to-date and also running in order to protect his system from worms, virus, Trojans and softbots. Installing the latest and best firewall to protect his system from being attacked by hackers. Data encryption; Ensuring that his data is stored in an encrypted format to keep the eavesdropper out, or in case where the attacker managed to get the encrypted data it would be useless to him or her since he or she does not have the decryption key. He can also use a Virtual Private Network while communicating using the public network as the internet. He should also avoid connecting to a public wireless network using his laptop which contains customer and financial confidential information. Because some of this public wireless access point can be rogue access point or honeypot that attackers use to harvest details on unsuspecting victim. If Mr.Jonah wants to connect to a public wireless network at the café using a laptop he should ensures that it doesn’t contain Company sensitive information and also ensures that the latest updates of firewall is installed and also the antivirus. The company should also come up with information security policy that governs how the company information is handled, stored and accessed by authorised users. 4.0 Recommendation Realizing information security is expensive and an organization must do a risk analysis in its events, event s include virus Cryptography can be used to enforce integrity, Authentication, Non-repudiation while availability is enforced through organization Procedures. 5.0 Conclusion With the advancement of the technology protecting information has become the most vital for most of the company, This has also made it even harder because many computer crimes are undetected for along period of time making it difficult to learn from experiences. In addition to this: Many potential threats exist Most of the company computing resources are situated in many locations making controls overall resources difficult Many individual controls information assets Computer networks may be located outside the organization Security procedures are a source of inconvenience and people tend to violate them It is difficult to conduct cost/benefit justification for controls before an attack occurs since it is difficult to assess the value of a hypothetical attack. The cost of providing hazards can be considerably high so most organizations are not able to protect against all hazards. Attempts to provide greater security, results in difficulties such as:- Compromised ease of system use Loss of performance Increased security means greater difficulties in maintaining systems as well as greater efforts on administering security (William Stallings and Lawrie Brown, 2013). 6.0 References: 1. Kizza, J. M. (2001). Computer Network Security And Cyber Ethics (4th ed.). United States of America: McFarland & Company inc. 2. William Stallings,Lawrie Brown. (2013). Computer Security Principles and Pracitce (Second ed.). Australia: Person. Read More