Abstract
This is a research report on the constraints organizations face in implementing Information Systems security. The study highlights the elements of risk involved and the constraints that users in the organization face when this change is implemented. Proactive and reactive security measures are discussed, which show the importance of, and the pressing need for, tight security around the information being processed in the organization's environment. Physical security measures are also vital. Though an organization may have to invest heavily in its Information Systems security department to maintain its security level, this investment may prove very beneficial over the long-term life cycle of the organization.
Organizational constraints of Information Systems security
Introduction
In order to ensure the security of their data, various organizations and institutions are currently putting in place the necessary security measures by implementing Information Systems security. The importance of information security considerations has risen in the past few years due to the expanded use of the Internet by institutions, business organizations and individuals on the one hand and by criminals and abusers on the other (Peltier, 2002). Various hackers depend on breaching physical security elements in order to trespass into the confidential information of the organization. They use various social engineering methods in their attempts to breach security. At times they pose as delivery personnel, with the intention of gaining access through lapses in security. “A security constraint represents a constraint that is related to that security system or organization. By definition, a constraint can be defined as a restriction related to security issues such as privacy, integrity, confidentiality, integrity or availability” (Edcine, 2003).
It is an observed phenomenon that the number of malicious hackers is growing tremendously over time, regulatory policies are being worked on very intensively, and the issues related to Information Systems security in organizations are becoming more critical with each passing day. Organizations have started to develop security plans and assessments.
When we talk about information security breaches, we look at various important aspects and factors that can amount to a security breach. In the analysis of information security breaches we have to define these terms:
Threat
This is the means by which a given computer system attack can occur. A threat depends on the existence of a particular vulnerability within the system or organization. Threat assessment looks at the prudent practices and measures to be carried out in order to secure a system and its vital information. Threat assessment can be carried out through simulated practice attacks in order to learn threat outlines and come up with countermeasures against these threats. In some scenarios, threat assessment focuses on the attacker’s potential to carry out an attack and the resources which could be used to execute an assault. These scenarios could be countered by ensuring that the cost of a successful attack overwhelms the cost and resources required to carry out an attack, thus making attacks costly.
Threat assessment is usually carried out in order to come up with security policies that provide guidance on information; the implementation of these policies will be significant in securing information or resources.
Vulnerability
This can be defined as security faults or errors within a system that could lead to a successful attack. The assessment of vulnerabilities should be done on an ongoing basis, since errors, whether human or system, occur on a regular basis. Vulnerability assessment also helps the organization come up with security policies on how to respond to new threats and maintain security. Within an organization, vulnerabilities are not technology specific, and due to the ever-increasing pace of technology, new vulnerabilities such as hacking and cracking are on the rise. Employees have to be trained in prudent countermeasures to prevent vulnerabilities that might lead to a successful attack.
Risk
It is the probability of a targeted attack being successful. It can also be defined as the extent of exposure to a given threat. Risk assessments are usually conducted to determine the immediate security measures to be undertaken; they are time-constrained and have to be conducted immediately. In risk assessment we look at potential security breaches and important issues to be addressed, such as the cost of a successful attack and the probability of an attack. Risk assessment helps an organization to budget for security costs and to prioritize the security policies to be implemented as quickly as possible.
Impact
When a security breach occurs or when a successful attack has been carried out against an organization, we look at the impact of the attack. Impact refers to the cost, damage and other effects on the organization as a result of information being accessed without permission; this weakens the aspect of trust. “Trust of an actor indicates that an actor, truster, believes that another actor, trustee, will not misuse the permission to achieve a goal, execute a task or access a resource” (Swatman M. C. 2002). When we are assessing cost impacts, we have to look at the business lost due to breached resources, the cost of replacing stolen resources, or even the cost of implementing security measures and recovering lost data and resources. Impact assessment is very critical since it enables an organization to plan the security that must be put in place, the security policy to be adopted and the parties responsible for adopting the set security measures.
Contracts are given to security companies to install their security system applications in the organization so that confidential information remains protected at all times and no breach of the rules and regulations related to the information processing environment occurs in the organization.
The data integration present in organizations involves dealing with various kinds of confidential financial information, with secret customer records such as credit card details, and with all the customer information used for transactions. How to maintain Information Systems security is quite a debatable issue, and to date the question of how to protect organizations from the hackers who intrude into the confidential information of customers remains unanswered (Dhillon 2007).
There are many fields where high Information Systems security is extremely important: tight security is required in the integration of data during data warehousing, in the migration of data, and in all the various projects that deal with synchronization.
For an effective security plan to be established, security managers need to set priorities on a logical basis by asking various questions and evaluating the security plan accordingly (Barr 2010). Having the correct assessments for the security plans may produce better results for the organization. The security of the information that the organization receives will be highly beneficial for the organization in the long run.
Effective physical security measures are meant to reduce the risk of any security breach by hackers. The main step to be implemented is to allow only authorized personnel to enter the area where highly confidential Information Systems security information is present.
The information physically present in the IT structure must be highly protected so that breaches can be prevented on the organization's premises. If the physical security measures and practices implemented are effective, they can contribute to effective long-term work processes in the organization. The information plan of the security cannot be ignored under any circumstance (Denning 1990).
Many organizations worldwide spend millions of dollars trying to get the most authenticated security for their computer system networks. These organizations buy all the latest security-related gadgets and implement them in order to maintain effective security measures. All possible firewalls are put in the systems so that not every user can get access to the confidential information related to IT security. Organizations take all possible measures to prevent vulnerable security breaches (Denning 1990).
The implementation of Information Systems security in organizations is a very important aspect. With the increasing rate of fraud and cyber crime over the internet, it is highly recommended that organizations protect all of their information by implementing Information Systems security, despite the constraints associated with this implementation. Among the major issues in the implementation of information systems security is the question of what constraints are associated with the implementation process. Therefore, the major research question here is: what are the major constraints in implementing information systems security in organizations?
Given this identified problem space, the overall research question of this dissertation is to identify the constraints associated with implementing information systems security and how to deal with these constraints. To examine this research question, we should first recognize some of the major information security issues and the respective research contributions, and secondly examine the existing approaches for implementing information systems security.
Implementation of Information systems security
There are four main elements which are essential in implementing Information Systems security in organizations. These components should be implemented at the inception stage of any project being conducted in the organization. The components that should be put in place for the security of the data are as follows (Dhillon 2007):
1. Authentication
2. Authorization
3. Auditability
4. Data protection