Essay About Information Security And Business Preventionsecurity

The Meaning of Security
Week 1: Chapter 1: The meaning of SecurityThe cultural legacy: Business preventionSecurity has a bad reputation, especially information security. No one really likes or appreciates the “security guys”.  They are also called the ‘business prevention’ department. So the questions are to ask as to why this is so are: how did it happen?; why did we get this reputation?; and what did we do wrong?. Are the terms SECURITY and SECURE not defined properly? SECURITY is a relative term. There is actually no absolute scale of security or insecurity. Both terms only have a meaning when you are discussing something valuable. Something valuable that is in some shape or form, at risk and needs to be secured. Then the questions arise, how much security is needed, which depends upon the value and upon the operational risk. The other question is how do you measure the operational risk. Measuring and Prioritizing Business riskNow SECURITY is used to protect things that are of value. So, in a business environment, things of value are known as ASSETS. If the assets are damaged or destroyed in some way, they this business will suffer the impact. In order to prevent threats, in which, crystallize into loss events, a layer of protection needs to be implemented in order to keep the threats away from the assets. Now if the assets are poorly protected, meaning the security is poor, then that allows a vulnerability to the threat. In order to improve protection as well as reduce the vulnerability, security controls need to be introduced which can either be technical or procedural. OPERATIONAL RISK ASSESSMENT is the process of identifying business assets, recognizing threats, assessing the level of business impact and analyzing the vulnerabilities. OPERATIONAL RISK MITIGATION is when you apply suitable controls to gain balance between security, usability, cost as well as other business requirements. OPERATIONAL RISK MANAGEMENT is when risk assessment and risk mitigation are jointly comprised. The main thing that we have to understand here is that risk management is all about identifying and prioritizing the risks through the risk assessment process as well as applying levels of control in line with those priorities. Now what we actually get from risk assessment is a set of business requirements for security and control, ranked in order of priority. These are usually expressed as a series of control objectives, which means that they are an abstract description of business requirements for control. These are used to drive the selection of risk mitigation approaches anywhere from broad security and control strategies to logical security services, to physical security mechanism as well as eventually the security products, tools and technology components. Another term that comes to mind, instead of the term ‘control objectives’ is ‘ENABLEMENT OBJECTIVES’. This term means that security is primarily all about business enablement and not all about business prevention. Information Security as the Enabler of BusinessInformation security professionals just want a better reputation because their investments in information security are a key success factor for business. Their information security strategy is critical to not only current but future business growth as well. The no longer want to be known as ‘business prevention’ department, but the “business enabling’ department. In order for that to happen, they must do their job properly. Now there are several KEY TECHNOLOGIES that are changing the way business will be done in the future. They are:The Internet and the World Wide Web with all its services and protocols, especially the emerging ‘web services’ protocolsMobile handset with sophisticated communications and processing capabilitiesWeb-enabled digital television and the prospect of other web-enabled domestic appliances, especially for delivering entertainment and information servicesThe client server distributed architectures and advanced middleware productsHigh-bandwidth digital communicationsAdvanced data networking protocolsWireless communicationsPublic key infrastructureNetwork computing, thin clients, and mobile codeAs a result of these technologies, the major change that we will be seeing is the continued migration of both the point of sale as well as the point of delivery right into the premises of the customer. This is actually called B2C (BUSINESS TO CONSUMER), which is what electronic business or digital business actually means. Essentially, people can buy something or transact business without having to make a physical visit. They can do everything without leaving their house. A few clicks with their mouse and it is all completed. Now B2B (BUSINESS TO BUISNESS) is more of when businesses make digital transactions from one organization to the other. Because of all of this, there a re a number of possible threats, impacts, as well as vulnerabilities that will arise. Lack of customer confidence is a major obstacle to digital business and eBusiness development.  Such major business risks can include:Disclosure of private, personal information (bank accounts, medical history personal information)Fraudulent buyersFraudulent sellersTheft or payment of authorization details (credit card data)Errors or mistakes on a large scale (you ordered how many?)Disputes that are difficulty to resolve because everyone refuses to take responsibilityFrustration and loss of confidence in systems that do not work properlyThere are a few firms that have experienced some of these risks that I have mentioned firsthand.