1. What are information security policies and information security plans and how are they related?
2. What is the acceptable use policy and under what conditions does it apply?
3. What types of security should a bank implement and what effects would it have? What major types of attacks should a company expect?
4. What are three ways to prevent identity theft mentioned in the text?
5. Define the three primary information security areas (with examples) and discuss situations in which they are needed. In what ways do the different types of hackers and viruses affect these security areas and information security plans and policies?
This assignment shows how technology is impacting the world of business and how it supports business initiatives (Kessler, 2012). Information systems support every discipline, whether it is manufacturing, operations management, marketing, sales, human resources or finance and accounting (Doherty and Fulford, 2006). The common goals of information technology projects are improvement in productivity, reduction in cost, and improvement in consumer satisfaction, thereby increasing loyalty, etc. (Haag, Baltzan and Phillips, 2006).
1. Information security policies and plans and how they are accepted
Security policies are instructions from management that indicate a predetermined set of actions or a process for handling a situation or an issue. An information security plan (ISP) is intended to safeguard critical informational resources in support of business stability, reduction of risk and increased return on investments. Only when the security codes are in the correct hands and all information and data are kept private will the organization accept the policies.
2. Acceptable use policy and application conditions
The acceptable use policy (AUP) is a policy that the user must agree to in order to get access to the internet or the network. A contractual condition called nonrepudiation is maintained to ensure that the participants in e-business do not deny their online activity (Reed, 2007). This clause is contained in the AUP. Business organizations require their employees to sign the acceptable use policy to gain internet access. When they sign on with an ISP, each customer is given an AUP stating that they have agreed to follow the conditions.
The conditions can be:
- Nobody should use the internet to violate the law
- Nobody should break the security of the user or any network
3. Security implementation in banks and the types of attacks they may face
A bank is a financial institution where the volume of monetary transactions is high, which in turn increases the risk. The following are security measures that a bank can implement, along with their effects:
- Drive better risk assessment: Banks should implement a strategy to secure their online relationships with their customers, one that addresses current requirements and helps them adapt to meet the challenges of tomorrow.
- Adopt strong authentication standards: Present-day threats require stronger authentication than passwords and usernames. They therefore have to change it every alternate time so that they do not face serious security issues such as mishandling of data.
- Explore advanced authentication techniques: Banks should explore new and advanced techniques like dynamic device authenticity, mobile based transaction, etc. to find different.
The company should expect online mishandling of data, where security may be breached by any member of the organization. Other issues can be virus attacks, malware, Trojan horses, worms and IP attacks.
4. Three ways to prevent identity theft
The three ways to prevent identity theft are:
- Deter: First, deter the identity thieves by securing the information (Harold and Thenmozhi, 2014).
- Detect: Secondly, detect suspicious activities by monitoring financial accounts and billing statements.
- Defend: Finally, defend the suspect that the banks have seen, the victim of the identity theft.
In the case of HP, Chairperson Patricia C. Dunn stepped down because of the manipulation of data using unethical methods within the organization's information security system.
5. Three primary information security areas and how different types of hackers and viruses affect these security plans and policies
Key security areas are:
- Application layer security
- Network layer security
- Ethical security
Application layer security measures are taken to prevent gaps in security policy (Messner, 2007). Network layer security measures are taken to protect the physical interface between the network hardware and the host computer (Dacey, 2003). Finally, ethical layer security measures are taken to see which sources are disrupting the network by hacking into it (Hacking Exposed (TM) Web 2.0: Web 2.0 security secrets and solutions, 2008). Viruses are programs that affect users by duplicating themselves and attacking the files on their computers. Worms are self-generated programs that spread in the computer but only take effect when the user opens a link or a particular file (Web services security, 2003).
Corporate mail is a common term in an organization. Any formal interaction between employees and management, or between managers, is conducted through corporate mail, because these mails need a different approach from informal mails. It was recently seen that companies are firing employees who do not follow the protocol for sending corporate mails. Many organizations are now hiring people to monitor the corporate mails sent to management. This means that we are not the only ones accessing our mails; there are people keeping an eye on them. Many regulatory, financial and legal issues are mentioned in these mails. The companies found through surveys that there were email leaks and breaches of confidentiality. So the companies put in place some policies that employees should follow:
- E-policies are laid down to have the knowledge about the legitimate users of the network.
- Policies should be up to date; this helps the organization in ethical use of the policy.
- The policies should describe the position of the company in regards to the purpose of the internet access.
- The policies should balance with the ethical use of computer policy.
- E-mail policies should define the legal grounds for reading e-mail and the procedure required before actions take place.
- Policies should state that employees should be careful when mailing and when creating documents that are also available to others.
Corporate mail is vital for transmitting formal and important messages. Wrong use of corporate mail can hamper the working of the company. Policies are made for employees, but if they do not follow them, then they are putting themselves and also the company at risk.
Dacey, R. (2003). Information security. Washington, D.C.: U.S. General Accounting Office.
Doherty, N. and Fulford, H. (2006). Aligning the information security policy with the strategic information systems plan. Computers & Security, 25(1), pp.55-63.
Haag, S., Baltzan, P. and Phillips, A. (2006). Business driven technology. New York, N.Y.: McGraw-Hill/Irwin.
Hacking Exposed (TM) Web 2.0: Web 2.0 security secrets and solutions. (2008). Choice Reviews Online, 46(02), pp.46-0929-46-0929.
Harold, L. and Thenmozhi, M. (2014). The development and application of information system driven value creation in Indian financial services sector. IJBIS, 17(2), p.198.
Kessler, G. (2012). Information Security: New Threats or Familiar Problems?. Computer, 45(2), pp.59-65.
Messner, W. (2007). Justifying information system value: Development of a method for measuring customer advisory system effectiveness. Business Information Review, 24(2), pp.126-134.
Reed, B. (2007). Implementing Information Lifecycle Security (ILS)*. Information Systems Security, 16(3), pp.177-181.
Web services security. (2003). Computer Fraud & Security, 2003(3), pp.15-17.