Company Information Security (Essay Sample)

Company Information Security Name Institutional Affiliation Introduction With the high upsurge in cyber insecurity it is essential for our company to adopt measures preventing any form of cyber threat. This would mean an upscale in system security. A system security means protecting information by prevention and detection of any unauthorized action by a user. It also includes confidentiality, privacy and integrity. System security involves three processes; prevention i.e. putting measures in place to prevent information from being altered, damaged or stolen; detection i.e. putting measures in place to enable you notice when information has been damaged, stolen or changed and Reaction which is the measure to be taken to recover lost, damaged or changed . Question 1:  Explain the security threats the employees' mobile devices may be subjected to. For threats pertaining to electronic transactions, explain countermeasures. With more organizations starting to rely on versatile engineering, much more needs to be carried out to close the security crevice that exists today to safeguard delicate information. Two of the biggest dangers against these gadgets today, are robbery and shaky correspondences (Jansen, 2009). If a cheat gets another person's active advanced mobile phone or portable computer, he/she has access to the client's information and data saved on that gadget. There are requisition shortcoming as to where they store the information, all the person in control of the gadget needs is a USB link, in a few cases, to get the log in accreditations or other information relating to a considerable measure of prominent applications on both OIS and Android stages. Immobilizing this risk begins with individuals; however, it additionally must be the obligation of provision designers. Keeping in mind the end goal to save individual's delicate information, there are steps the company can take. The first step would be to set up a secret word or lock code for the gadget when it is unmoving. It might be badly arranged. However, the prompt assurance it offers is incredibly gainful. Moreover, this will keep irregular people from getting to your gadget when you are far from it (Fried, 2010). Setting up remote wiping is an alternate security step that could be taken. Nowadays, all cell phones can send a sign to a gadget that triggers the product introduced to the gadget to erase all information put away on the gadget. If an individual loses their telephone or gadget they can only wipe it and get out all messages, archives and contacts quickly. Question 2:  Based on the best practices for mobile security, describe which of these countermeasures you believe would be most effective. Justify your choices. Encryption is an alternate security step that a ton of associations require on their laptops and different gadgets (Jansen, 2009). Unfortunately, this is not accessible for all gadgets available today however; in the event that it is available it ought to be utilized. Anti-infection programming is an alternate choice for ensuring ones telephone or gadget. Usually this product is in a kind of a make up for lost time to issues effectively found by past people who have been hacked. Anti-infection does not necessary guarantee security yet in the event that it catches malware; it is a profitable instrument to employ. Another method for staying away from security issues is to use the gadget as a small customer. User of cell phones ought to be tired of connections and likewise turn of the GPS characteristic when it is not required (Fried, 2010). An added profit to this is that it will likewise monitor player power. Another measure for securing ones gadget is to be watchful that Apps you stack onto the gadget. The exact opposite thing one can propose is to secure the gadget itself. One understand this appears insane however, without a doubt if an individual has focus on a particular person's gadget and needs the information held on it, he/she will have a lock code circumvent and have the data he or she needs before the manager even knows it is gone or has room schedule-wise to wipe it. The computer and network layers fall under the IT system of the organization and are the backbone of every organization. The computer and other information assets that add up to the overall information system of the organization such as databases, data files, software assets and physical hardware should be accounted for and have an assigned owner. Information should be classified to outline the needs, priorities, and degree of protection. Access to information processing facilities should be controlled on the basis of business and security requirements and information dissemination policies should be taken into account. Computers and other information assets should be fitted with strong passwords to be used in validating user's identity to access information. The allocation of passwords should be systematic and documented following a certain formal approach for example the first step should be to request users to sign an agreement to keep personal passwords confidential and group work passwords solely within the members of the group (Land, 2009). Users would then be required to maintain their own passwords and have a temporary password which would be used in case they forget their current one. This should happen only after positive identification of the user. The passwords should be given in a secure manner and the use of third parties electronic mail messages avoided. Passwords should at no one time be stored on computer system in unprotected form. Question 3:  Propose a security management solution that meets the business requirements. Include tools, processes, and policies required to implement the solution. With evolution of many variations of malicious codes used to hack into the computer systems, the goal must be to strive for maximum identification, containment, isolation and prevention of any malicious content (Raj, 2012). This recommendation can be easily achieved by organizing the computer infrastructure in five unique areas of protection. These are network server, backups, client and email. All these areas must be made capable of interrogating the data stream for malicious code within the commonly used internet applications of Hyper Text Transfer Protocol (http), File Transfer Protocol (ftp) and Simple Mail Transfer Protocol (SMTP). The malware protection architecture consists of remote access devices, web proxy servers and a hardware A/V solution as its Network components. All remote access devices should have the capability to ensure that the personnel permitted to gain access to the enterprise have the appropriate Soft ware firewalls, Antivirus software and Spyware software enabled. Their signatures should also be up to date. All Face Code Web proxy servers should also be in a position to ensure that all communication destined for internet passes through proxy device for scanning. Internet Utilization, email, and Voice Mail allotted to a representa...