Taxonomy Of Information Security Assessment â€Myassignmenthelp.Com

Question: Discuss About The Taxonomy Of Information Security Assessment? Answer: Introduction The primary motive of every business organization is to grow, expand and earn more profits. The same is possible only when the customer base that is associated with the business is increased. In the case study, XYZ organization has been covered which is a Melbourne based company that works in the area of software. It is a small firm that began its business fifty months back. The company makes sure that the information and network based security attacks are checked and controlled and therefore, develops the solutions for the same. The mode of operations for the company is either the in-house development of the packages and applications or the customization of the same. The company currently operates with the clients from Australia and most of these clients are small to medium scale business owners and organizations. The management of XYZ organization has now decided to expand and it would be essential to collaborate with new and more clients. The area of focus for the expansion would be the development and implementation of the online security packages and services. The company has decided to target the organizations from three categories and sectors as gambling, hospitality industry and pharmaceutical. There are some of the quick changes and advancements that are taking place in the area of technology and security. The organizations in the current times and making use of a lot of information which is also transmitted, managed, processed and stored. Due to the involvement of numerous entities, the likelihood of security risks and attacks has gone up. There are newer and more severe security attacks that are taking place with increased frequency. There is a lot of work that is being done for the control of the same as well (Mohammed Salim, 2016). The aim of this report is to cover the information/network security aspect for the organization by discussing the latest developments in this field and also highlighting some of the applications that are developed in this domain. Definition of Information and Network Security Data and information are composed of a lot many different elements. There are contents as well as properties that make up a particular information set and some of the viable properties include the confidentiality, privacy, availability and integrity of the information. Information Security is an amalgamation of various procedures and controls to safeguard the information which includes it content as well as the properties. The risks and probable attacks to the security may take place through different mediums and agents. One of such mediums is the network and the measures that are taken to control the network based security risks, threats and attacks come under the domain of network security. A secure network makes sure that a majority of the threats to the information and data sets are avoided (Gnanasankaran, Natarajan, Alagarsamy Iyakutti, 2013). Information and Network Security Risks A Few Examples Information that is either stored or is transmitted from one source to the destination may be breached by the attacker. The contents or the properties may get lost in between or there may also be occurrences of leakage (Nazareth Choi, 2015). Attacks on the information availability which may include the various forms of the flooding attacks. Malware attacks by introducing a particular malware on the information set. It may damage any of the information properties as per the nature of the malware. Man in the middle attack which is one of the types of the network based security attack in which the attacker sits on the network and captures the activities of the same (Lippmann Riordan, 2016). Spoofing and phishing attacks that make use of the impersonation techniques to give shape to the attack (Bajwa, 2014). Alteration of the message and media contents that may lead to the violation of the information integrity (Shameli-Sendi, 2017). Latest Developments and Advancements There are some of the quick changes and advancements that are taking place in the area of technology and security. The organizations in the current times and making use of a lot of information which is also transmitted, managed, processed and stored. Due to the involvement of numerous entities, the likelihood of security risks and attacks has gone up. There are newer and more severe security attacks that are taking place with increased frequency. There is a lot of work that is being done for the control of the same as well (Haider, Samdani, Ali Kamran, 2016). Some of the technologies that have been recently launched and have expanded at a rapid rate include Big Data and Business Intelligence tools. These technologies and tools are being applied in the area of information and network security for the development of enhanced applications. There is also a lot of work that is being done in the area of network based intrusion detection systems and cryptographic algorithms (Roozbahani Azad, 2015). Information/Network Security Applications Comodo Advanced Endpoint Technology in the current times has so many different components that the focus of the maintenance of security of each of these components is usually not fulfilled by the users. It is due to this reason that the demand for integrated security applications has enhanced in the market. The use, deployment and maintenance of the application for the security of every single component are no longer possible. Comodo Advanced Equipment is one such integrated security solution that allows and offers the overall security and may be used by the organization for its successful expansion (Strom, 2016). The most powerful feature of the application is its platform that is extremely secure and makes sure that only the secure and non-objectionable files are provided with the access and the other ones are blocked for further checks. There may also be certain files and components that may be suspicious in nature and are handled separately. The application ensures overall system and information security and comes with a store protection from the various types of malware. The features such as use of SSL certificates, internet security and firewall are also integrated. In the current times, it is not sufficient to mainly identify the threats and develop the prevention for the same. It is equally important to make use of the technology to work on the root cause of these threats. This tool makes use of Big Data and numerous Business Intelligence technologies to analyze the behavior of the threats. Also, the intruder activity is analyzed using advanced analytics so that the future occurrences may be avoided and the threat is removed right from its root. Therefore, this tool will be of much aid to the organization. The sets of benefits and the features that are offered with this application are high and some of the items are listed below. The most important feature of the application is the enhanced level of integration that is offered with it to improve the overall security. Patches can be easily handled with this tool (Comodo, 2016). The issues associated with compatibility of the tool are not witnessed. The application offers the ability to be monitored remotely and the level of control with the admin is also high. There is an amalgamation of the latest technologies and tools in the application. It is low on cost and comes with an easy affordability. There are also a few drawbacks that may be witnessed with this applications and it would be essential to have an idea of the same before acquiring the application. The deployment model that is used by the tool may not go well with all the users and their systems. Lack of strong and useful documentation (Stephenson, 2017). VeraCrypt The technocrats and researchers have developed many different measures and mechanisms to improve upon the security of the information and the networks. One of the most significant and useful attempt towards the same is the use of encryption. Encryption is a mechanism in which the information and files are converted to their cipher of encrypted form. These contents can only be viewed with the aid of a security key which may be public, shared or private in nature. There are tools that have been developed for this purpose and one of the widely used tools is VeraCrypt. IDRIX is the creator of this open source tool that offers the ability to enable disk encryption in the system. The various forms of security risks and threats are prevented as a result (Fearn, 2017). The application offers enhanced security and comes with the following benefits. Cold boot attacks and many of the network based security attacks can be prevented (PCMag, 2017). All the forms of attacks associated with backdoor access can be prevented. The tool provides the enhanced form of security to the smart cards. Information breaches can be prevented. The security attacks associated with the information loss and its leakage can also be prevented. There are also a few drawbacks that may be witnessed with this applications and it would be essential to have an idea of the same before acquiring the application. It is mandatory to receive training on the functional aspects of the application. There may be certain cases of operational mistakes and errors (Veracrypt, 2017). Bitdefender Antivirus Plus Malware attacks have a high frequency, high likelihood and a high impact of the security attack on the information, system, database and the network. There are different types of malware that can be created and launched which may have a corresponding impact. These malware are designed for specific reasons and therefore, the significance of the impact resulting out from these attacks can be high. Bitdefender Antivirus Plus is an application that has been developed to put a control on the malware attacks and to also detect their presence (Pcmag, 2016). The application has a wide set of features that is offers and there are also many advantages that come along with the application. Phishing protection can be enabled with this application and it does not require the use or installation of any of the browser plug-ins for the same. The user experience with the application is good as the application makes good use of user interaction and the information regarding the security attacks and probability of the same is marked correctly. There are various forms and types of security scans that can be performed on the information sets, systems and networks. Most of the users make use of the Wi-Fi connections for connecting their specific device to the network. The application comes with a Wi-Fi scanner that can be used for the scanning of the network and detects the presence of any of the unsecure component. Protection to the ransomware attacks is also offered by this application. There are various financial transactions that the user may perform with the aid of the system or the application. Safepay is the feature that comes with the application so that such transactions are secured. There are also a few drawbacks that may be witnessed with this applications and it would be essential to have an idea of the same before acquiring the application. Password Manager that has been included in the application has security defects in it. Some of the utilities may be required to be purchased as an add-on. Renewal of the subscription plan also involves cost. Expansion Plan The expansion of an organization is composed of many different activities and phases. The above three applications that have been described may assist XYZ company to expand and easily execute the tasks of in-house application development and customization processes. The following focus points must be considered and remembered during the expansion activity. The management must prepare a list of the existing security solutions they provide and research upon the solutions that they need to incorporate. A mapping between the two shall be created. Areas such as cryptography, network based security, Business Intelligence techniques and Big Data tools shall be researched. The new set of technologies and the applications that are offered shall be adequately marketed by describing the latest offerings to the clients. A separate department shall also be set up for the areas of security along with monitoring and control of the project. The senior management shall also intervene frequently to understand the progress. Conclusion Information security and network security are the two topics that are being extensively studied and analyzed by the researchers and technocrats. It is due to this reason that there is a lot of development that is being witnessed in these areas (Allen, 2012). Bitdefender Antivirus Plus is an application that has been developed to put a control on the malware attacks and to also detect their presence. There are different types of malware that can be created and launched which may have a corresponding impact. These malware are designed for specific reasons and therefore, the significance of the impact resulting out from these attacks can be high. Comodo Advanced Equipment is an integrated security solution that allows and offers the overall security and may be used by the organization for its successful expansion. The most powerful feature of the application is its platform that is extremely secure and makes sure that only the secure and non-objectionable files are provided with the access and the other ones are blocked for further checks. Encryption is a mechanism in which the information and files are converted to their cipher of encrypted form. These contents can only be viewed with the aid of a security key which may be public, shared o r private in nature. There are tools that have been developed for this purpose and one of the widely used tools is VeraCrypt. IDRIX is the creator of this open source tool that offers the ability to enable disk encryption in the system. These three applications and many others will allow XYZ organization to easily expand and fulfill its objectives. These will make sure that adequate strategies are followed and implemented so that the in-house development may take place. These will also assist in the customization of the off-the-shelf applications so that the overall expansion process is made smoother and easier. Set of Findings and Recommendations There are various developments that are happening in the area of technology and the organization must research correctly to have a clear picture on the tools and technologies that it may use and implement. There are technologies such as Big Data and Business Intelligence that are on a rise and are being applied in all of the business sectors. The use and integration processes of these technologies shall be researched and analyzed correctly (Hagen, 2013). The management must also set up a team to research on the advanced encryption algorithms and processes that may be used and applied (Brecht, 2012). The selection between the two methods viz. in-house development and the customization activities shall be selected on the basis of the customer requirements. The various factors and elements must be analyzed before selecting the method that shall be used and applied. There will also be many changes that will come up during the process of expansion. The management of these changes shall be done with a proper plan and there shall also be a marketing strategy that shall be developed so that the customers get to know about their latest offers and services. The several modes and mediums of marketing shall also be clearly listed out. References Allen, J. (2012). Deriving Software Security Measures from Information Security Standards of Practice. Retrieved 18 September 2017, from https://www.sei.cmu.edu/library/assets/whitepapers/derivingsecuritymeasures.pdf Bajwa, M. (2014). Wireless Network Security Threats and MitigationA Survey. Retrieved 18 September 2017, from https://file.scirp.org/pdf/_2014091813425297.pdf Brecht, M. (2012). A Closer Look at Information Security Costs Working Paper. Retrieved 18 September 2017, from https://www.econinfosec.org/archive/weis2012/papers/Brecht_WEIS2012.pdf Comodo. (2016). Comodo Launches Advanced Endpoint Protection Solution. comodo.com. Retrieved 18 September 2017, from https://www.comodo.com/news/press_releases/2016/02/comodo-launches-advanced-endpoint-protection.html Fearn, N. (2017). Top 5 best encryption tools of 2017. TechRadar. Retrieved 18 September 2017, from https://www.techradar.com/news/top-5-best-encryption-tools Gnanasankaran, N., Natarajan, S., Alagarsamy, K., Iyakutti, K. (2013). A Case Study of the Application of COTS Components in a Molecular Dynamics Software. Retrieved 14 September 2017, from https://www.lnse.org/papers/31-E060.pdf Hagen, J. (2013). Effectiveness of Organisational Information security measures. Retrieved 18 September 2017, from https://www.frisc.no/wp-content/uploads/2013/02/finse2013-hagen.pdf Haider, S., Samdani, G., Ali, M., Kamran, M. (2016). A comparvative analysis of In-house and outsorced development in software Industry. Retrieved 14 September 2017, from https://www.ijcaonline.org/archives/volume141/number3/haider-2016-ijca-909578.pdf Lippmann, R., Riordan, J. (2016). Threat-Based Risk Assessment for Enterprise Networks. Retrieved 18 September 2017, from https://ll.mit.edu/publications/journal/pdf/vol22_no1/22_1_3_Lippmann.pdf Mohammed Salim, R. (2016). Importance of network security for business organization. Retrieved 14 September 2017, from https://file://melstud/12047542$/Downloads/9120836%20(3).pdf Nazareth, D., Choi, J. (2015). A system dynamics model for information security management. Retrieved 14 September 2017, from https://ac.els-cdn.com/S0378720614001335/1-s2.0-S0378720614001335main.pdf?_tid=c703030a-8eb5-11e7-b607-00000aacb362acdnat=1504229883_21b0981211b42a588a985a023ef05aa3 Pcmag. (2016). Bitdefender Antivirus Plus. PCMag India. Retrieved 18 September 2017, from https://in.pcmag.com/bitdefender-antivirus-plus-2015/52300/review/bitdefender-antivirus-plus PCMag. (2017). VeraCrypt. PCMag Business Software Index. Retrieved 18 September 2017, from https://www.pcmag.com/business/directory/encryption/1671-veracrypt Roozbahani, F., Azad, R. (2015). Security Solutions against Computer Networks Threats. Retrieved 14 September 2017, from https://www.ijana.in/papers/V7I-1.pdf Shameli-Sendi, A. (2017). Taxonomy of Information Security Risk Assessment (ISRA). Retrieved 18 September 2017, from https://www.synchromedia.ca/system/files/SurveyRisk.pdf Stephenson, P. (2017). Comodo Advanced Endpoint Protection product review | SC Media UK. Scmagazineuk.com. Retrieved 18 September 2017, from https://www.scmagazineuk.com/comodo-advanced-endpoint-protection/review/9393/ Strom, D. (2016). 10 cutting-edge tools that take endpoint security to a new level. Network World. Retrieved 18 September 2017, from https://www.networkworld.com/article/3089361/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html Veracrypt. (2017). VeraCrypt. CodePlex. Retrieved 18 September 2017, from https://veracrypt.codeplex.com/