Posted: May 25th, 2022

Information Security and Risk Management in IT



This essay presents and discusses both an assessment of information security and risk management in IT systems and a comparative discussion of important academic theories related to security and risk. The first section, an assessment, develops a conceptual framework, including important terminology and concepts as well as an outline of legislation and authorized usage examples. The second section, the comparative discussion, briefly compares the academic theories.

Conceptual framework

To begin any work of this nature, it is important to clarify important terminology and concepts. First, an information technology (IT) system is also known as an application landscape, or any organism that allows for the integration of information and communication technology with data, algorithmic processes, and real people (Beynon-Davies, P., 2009 (1)(2)). Every organization consists of some type of IT system in which this integration of processes, activities, information, and technology provides a landscape for decision-making, operations, management, leadership, and any (or all) other organizational functions (Beynon-Davies (1)(2)). IT systems can be

The next important concept to define is that of information security. This concept is about protecting information from the unauthorized access to it for any/all of the following purposes: viewing, disclosing, modifying, exploiting, copying, critiquing, or destroying (or any other unauthorized (mis)use). The people whose information exists within these systems and who interact with these systems count on the confidentiality of the data and the integrity of the processes. The people who create and manage these systems (for whatever purpose) count on effective and efficient functioning and protocols for security and risk management.

The same can also be said for risk management. Risk management is a process for maintaining information security and protocols for it in the case that threats do arise. In fact, the risk management process is one of identifying any opportunity for a threat to arise, assessing the nature and (possible) outcomes of such threats, and prioritizing the focal points for when and where threats may arise. In other words, risk management is about identifying, assessing, and prioritizing risks as well as organizing and implementing protocols for minimizing, monitoring, controlling, and addressing the potential impact of such risks should they arise (Hubbard, D., 2009).

The tasks of information security and risk management within IT systems are important issues that all organizations have to deal with to some degree. The complexity of these issues varies depending on the purposes of the system, the size of the organization, and, of course, the nature of the organization, the number of systems it runs, and the sensitivity of the data its systems contain. Another important point is to acknowledge the overarching protocols that are established by legislation regarding information security and risk management.

Some examples of information security legislation and government protocols are listed and described as follows:

1. HIPAA (Health Insurance Portability and Accountability Act): Signed into law in 1996 and since updated appropriately. This Act seeks to make information more secure from any access/usage outside of strict health care boundaries.

2. U.S. PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act: Signed into law in 2001, it is intended to minimize the restrictions on any law enforcement agencies and essentially make information less secure when these agencies justify access for evidence or intelligence gathering processes or threat assessments related to domestic or global terrorism.

3. Sarbanes-Oxley (Public Company Accounting Reform and Investor Protection OR Corporate and Auditing Accountability and Responsibility Act OR SOX) Act: Signed into law in 2002, to establish and enhance the standards on public accounting firms, public company boards, and management firms in response to a series of serious corporate responsibility and accountability scandals that affected national security markets. This Act seeks to make information more secure and management requirements more stringent (SEC, 2011).

4. GLBA (Gramm-Leach-Bliley Act or Financial Services Modernization Act): Signed into law in 1999, to allow for the consolidation of insurance companies, securities firms, investment banks, and commercial banks and essentially lessen the security and management standards for these systems established by previous legislation (The Federal Trade Commission, 1999).

5. DMCA (Digital Millennium Copyright Act): A U.S. copyright law that seeks to provide more protection of digital rights, manage these rights more strictly, and punish infringements more severely.

6. CCTV (Closed-circuit-television) Surveillance: The use of video cameras to record and transmit information (visual) in a specific place to a specific place with limited viewing monitors. It is not an open transfer and various government agencies are allowed to use CCTV in surveillance without consent. CCTV as a surveillance method makes our private “information” less secure.

7. Data Encryption: The Federal Information Processing Standard was created in 1976, based on a symmetric-key algorithm, to protect highly sensitive information more effectively, making this information more secure and managing risks more effectively (Coppersmith, 1994).

These examples are important for establishing some perspective on the ways in which information and risk management may be viewed by different parties and the justification of some agencies for actually making information less secure and management strategies more broad to serve their purposes.

Comparative discussion

Compare and contrast

Jones (2007) states, “organizations need to deal with (treat) the management of information security risks in a manner that gives confidence to all parties that are involved” (p. 36). Jones (2007) believes that thorough processes of identification, assessment, investigation, analysis, modeling, testing, treating, monitoring, and reporting should be solidified in the fabric of any organization when it comes to information security and risk management. Jones (2007)

The model under the Dempster-Shafer Theory of Belief Functions is founded on an evidential reasoning approach (Sun, 2006). This approach focuses first on a plausibility analysis and then includes important components of cost-benefit analysis and sensitivity analysis (Sun). Sun (2006) is more interested in establishing the foundations for further research and development that particularly focuses on an evidential reasoning approach to the analysis and management of ISS risk. Sun (2006) also insists that more research will always be welcome and necessary.

In McCumber’s (2008) presentation, the focus is on an approach that is “technology-independent.” With this approach, the focus is on measurement (or otherwise measurement analysis) in order to “manage, and move information assurance from art to science” (Conclusion). McCumber (2008) bases his approach on the words (and wisdom) of Lord Kelvin, who believed heartily in the theory that the value of knowledge is based in the ability to express that knowledge in numbers.

Bojanc and Blazic (2008) develop an approach based on economic modeling. The most important component of all of these approaches is the concept of cost-benefit and the appropriate usage of financial resources in the management of information security and risks to this security. Otherwise, an important difference among these theories is the fact that every organization (or expert) is dealing with a different perspective and purpose for the information it is seeking to protect. Some may have similar perspectives and purposes, but every organization still has some unique aspects and needs to develop and implement a theoretical approach that is best for it. Clearly, however, the focus has to be on protection and management and on leveraging resources efficiently and effectively.


References

Beynon-Davies, P. (2009)(1). The language of informatics: The nature of information systems. International Journal of Information Management. 29(2), 92-103.

Beynon-Davies, P. (2009)(2). Business Information Systems. Basingstoke: Palgrave Macmillan.

Coppersmith, Don. (1994). The data encryption standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38 (3), 243-250. Retrieved from Academic Search Premier.

Hubbard, Douglass. (2009). The failure of risk management: Why it’s broken and how to fix it. United States: John Wiley and Sons.

Jones, Andy. (2007). A framework for the management of information security risks. BT Technology Journal. 25(1), 27-36.

McCumber, John. (2008). Assessing and managing security risk in IT systems: A technology-independent approach. Software Assurance Forum, Symantec.

SEC. (2011). Retrieved from

Sun, Lili. (2007). An information systems security risk assessment model under Dempster Shafer theory of belief functions. Journal of Management of Information Systems. 22 (4), 109-142.

The Federal Trade Commission. (1999). Retrieved from
