Studying Information Security

Pages: 6 (1718 words)  |  Style: n/a  |  Sources: 0


¶ … Security

The proliferation of information security threats continues to accelerate globally, with threats from within a company being even more damaging than those originating from the outside. Network and enterprise application security is commonly breached using viruses, worms, phishing, JavaScript hacking, and ActiveX redirects that happen when a company's web browsers become infected with code designed to compromise their security. Of the many delivery methods for code designed to infiltrate the security of a network, e-mail is the most often used. The incidence of internal breaches is higher than that of breaches from the outside, as the methods of delivering them are so much easier to gain access to (Whitman, Mattord, 2012).

E-mail is the approach hackers use most often to deliver worms and viruses within a company. Internal e-mail is the most often used method for hackers to deliver worms and viruses, and also to phish for access to systems that have internal controls in place (Whitman, Mattord, 2012). Examples of these types of systems with secondary security safeguards in place include e-mail systems, accounts payable, accounts receivable and all other financial systems, in addition to pricing and production systems (Whitman, Mattord, 2012). With e-mail being so effective at penetrating the many departments in a company, it is common to find that viruses, worms and other security breaches are delivered by it. There are several reasons for this. First, there is the rapidity with which viruses and worms can be spread throughout a company network. Often this indicates the worm or virus has already found its way onto an internal server. This makes solving the security breach all the more challenging, as more sophisticated viruses and worms begin by first infecting core e-mail application and server components. A worm at this level of sophistication will attach itself to the dynamically linked library (DLL) components of an application as well, causing further damage to all the system components involved. Second, hackers engineer the virus, worm or malicious code to begin propagating itself through a sequence of e-mail strings that include a payload attachment, which is a very common technique for getting the worm initially past spam filters and screening systems that are designed to protect e-mail systems from external threats. Third, the random nature of these attacks is very difficult to guard against, as they are internally based.
Due to these weaknesses of e-mail systems in many companies, they are most often targeted by disgruntled employees and in some cases, employees paid by hackers to penetrate a company's e-mail system with the hope of gaining access to its financial systems (Whitman, Mattord, 2012).

For any company to be successful in managing security threats, it needs to realize that every aspect of its IT systems is constantly at risk of being compromised, and that the level of sophistication of hackers continues to accelerate (Whitman, Mattord, 2012). To be complacent in enterprise security management, strategies and planning is to invite an attack. From e-mail systems to firewalls and network deterrent systems, the work of hackers and entire organizations dedicated to finding new ways to compromise the intellectual property of companies globally is ongoing today. The pace and depth of these technologies' growth is an area that the U.S. Government and leading enterprise software security companies continue to track, working to define deterrents in response to the continual development of new threats (Whitman, Mattord, 2012).

All businesses need to realize that the next era of security threats has arrived and that their e-mail, firewall and even network deterrent systems must be kept current in order to address and overcome these threats. Unfortunately, many companies let these critical areas of their enterprise security plan lapse, making internally based threats easier to carry out and more likely to cause widespread damage. A core section of an effective strategic security plan concentrates on how best to create a framework for ensuring security stays consistent across the entire enterprise. At the center of any successful enterprise security plan is a well-defined series of procedures and programs, including long-term strategies for protecting Intellectual Property, or the core information assets of a company.

Creating an enterprise security plan that has a strategic element is challenging for many companies, however. First, there's the need to create a cross-functional team that has a clear series of security goals and objectives that are aligned with the business needs of the company. The enterprise security plan must be aligned so that it accelerates and enables the core businesses in which a company competes (Whitman, Mattord, 2012). Enterprise security plans that are strategic in scope must be enablers of their company's business models while protecting the core intellectual property of the business. This is very challenging to do, as companies and their senior management teams often have a very high level of resistance to change. What's needed as a first step in creating the enterprise security plan is clear assignment of responsibilities and the definition of a change management plan that can be used for ensuring every member of senior management and the IT team knows their role. Once this is done, every member of the cross-functional team also needs to have the opportunity to contribute to the project plan that will be used for defining and implementing enterprise-wide security.

Once the cross-functional team has been created and the change management program put into place, the enterprise security project plan can be created with specific tasks defined. Project leaders are responsible for managing the cross-functional team and ensuring every step in the plan is realistic and can be attained with the minimal amount of time and disruption to existing operations (Whitman, Mattord, 2012). Given the complex nature of the project plans produced for creating an enterprise security plan, it is common to find C-level executives acting as project leaders and managers, as they have the authority to redefine roles and responsibilities and to modify departments and programs if necessary to achieve the project plan's goals (Whitman, Mattord, 2012). A C-level executive, often the CIO, will act as the project lead and then work with each member of the cross-functional team to help them get their tasks done so the enterprise security plan can be completed quickly.

When an enterprise security plan has been created and there is a project team in place representing a cross-functional group of the company's departments, the next step is to complete an enterprise security audit. This includes a thorough review of the systems in place today and the security vulnerabilities present. This is essential to quantify the security risks and benchmark enterprise-wide security so that a baseline of performance can be created. By creating a quantitative view of security threats, it's possible to measure the ongoing improvements being made and define a plan of action that prioritizes security threats. This leads to the definition of a threat assessment that is also used for prioritizing which systems and contact points of an enterprise IT system architecture need to be secured first. Using these techniques, project leaders will also complete a Pareto analysis of the most significant threats first and then assign cross-functional team members to take action on them.

Often a Pareto analysis will show that the most critically important assets of a company are its patents, proprietary technologies and trade secrets, which differentiate it from everyone else. The collection of these items is often called the intellectual property (Whitman, Mattord, 2012) of a firm. They are often at the top of a Pareto analysis given how valuable they are from a current and future revenue standpoint, in addition to keeping the company in business. Intellectual Property can also take the form of algorithms and approaches to organizing information, and often is a system itself (Whitman, Mattord, 2012). This makes the securing of an enterprise-wide IT system all the more challenging, as the systems that serve customers and outside suppliers the best are often the most valuable as well (Whitman, Mattord, 2012). This is why enterprise security strategies are so critically important, as ultimately the systems being protected are giving a company the ability to better serve its customers and grow profitably over time.

Once an enterprise security plan is nearing completion, each department is given a series of entirely new roles and responsibilities. This is where change management programs and strategies become critically important. Only by making security changes an integral part of its responsibilities and reporting structure can a company hope to make an enterprise security plan last for the long term (Whitman, Mattord, 2012). This is why a C-level executive often must be involved in creating and managing the security plan, as their experience and authority in an organization make the long-term change more likely to succeed than if an outside consultant had attempted the same. The most successful enterprise security plans have a C-level owner or project leader who ensures their success over the long term (Whitman, Mattord, 2012).

Enterprise security strategies are also heavily dependent on creating a culture of ethics and transparency. One of the most common forms… [END OF PREVIEW]


Cite This Paper:

APA Format

Studying Information Security.  (2014, November 16).  Retrieved November 21, 2017, from https://www.essaytown.com/subjects/paper/studying-information-security/4634240
