Computer Science: Security Standards Of Online Business (Essay Sample)

Name
Professor
Course
Date
Security Standards
Introduction
The business world is experiencing numerous costs and these costs continue to augment due to poor maintenance of company information. Companies have to possess stable systems in order to avert loss or theft of imperative firm information. Moving business to online mode offers substantial pressure to companies thus necessitating companies to tackle security matter at all levels; from lawful, operational and conformity sides.
Utilization of international standards guarantee safeguard of the information to some extent, since it never offers firms the methodologies and details that are involved in undertaking certain processes. This implies that firms are aware of the harmful actions that can lead to theft or loss, although they lack adequate knowledge on ways to curb or deal with certain security problems.
In undertaking risk assessments, only the merits and definition of various elements concerning the process are presented while the standard never offers how the process can be undertaken in practicality (Myler & Broadbent 44). Additionally, the standard never provides the expected results, which can be utilized to determine the quality that the process achieves.
The standard asserts that workers ought to pursue security procedures and offers a prologue to training activities regarding security matters. Nevertheless, the standard never offers ways in which users must be edified or stimulated to practice these procedures (Siponen 98). Undertaking trainings cannot guarantee that employees will pursue the presented procedures. In the establishment of security policies, the standard lacks information on ways to create systems that cannot be easily breached (Siponen 98). Additionally, it only mentions that the management must build up their security policies for every information asset. Tackling physical threat is an imperative standard to safeguard company information although the standard never offers comprehensive technique to deal with security matters.
Information Security Metrics
The new model in information security considers the diversity in configuration settings that are present for definite security specifications. According to the model, utilization of certain settings and standards may hamper security interoperability especially in heterogeneous environments (Tan, Poslad & Titkov 353). Universal security cannot be deliberated prior to the creation of these standards and settings thus necessitating the process. Therefore, the new model seeks to alleviate these troubles through of reuse of various security specifications in different environments either heterogeneous or homogenous (Tan, Poslad & Titkov 353). Additionally, dynamic approach for the configuration and supervision of security that allow operation in heterogeneous domains comprising of heterogeneous stakeholders is required, necessitating the creation of the new model.
The present security specifications are unable to offer complete security resolution. Lacks of universal techniques for configuring consistent peripheral security configurations have considerably influenced the development of dynamic models. Current models exhibit difficulties in agreeing on certain configurations due to manifold settings. Current models as assumed to be imperfect, considering the technologies that they utilize. Utilization of HTTPS architectures has the possibility of becoming delicate, consid...