| Papers [1-14] of 100 :: [Page 1 of 8] | | Go to page : 1 2 3 4 5 6 7 8 —> | Search results on "INFORMATION SECURITY MANAGEMENT": |
|
|
Information Security, 2007.
A development of a security assessment model for information security.
7,461 words (approx. 29.8 pages), 16 sources, MLA, £ 116.95
»
Click here to show/hide summary
Abstract
This paper describes and analyzes the problems and risks with information security in the modern world. It then attempts to develop and test a five-dimensional information security assessment model. The security assessment models aims to include administrative security controls, employee security controls, physical security controls, logical security controls and data communication security controls.
Table of Contents:
Introduction
Problem Statement
Significance of the Study
Background of the Study
Literature Review
Methodology
Research Objectives
Research Method
Research Design
Sampling Unit
Sampling Frame
Method of Selecting the Sample Elements
Scale Development
Data Analysis
Our Information Security Model
Questionnaires
Reliability and Validity of the Results
Advantages
Delimitations
Ethical Issues
From the Paper
"Since encryption is so widely used, there are numerous advancements made in its genre, and the latest enhancement was the central government's key escrow encryption proposal. This is more commonly called the Clipper Chip and the Capstone chip. The Clipper Chip, as the name suggests comes in the size and form of a chip and holds the private key encryption algorithm. The Capstone chip, also in the form of the chip, holds the public key encryption algorithm. Both the encryption algorithms used in these chips when sold off have to be recorded in two different government or government-supported companies. This way the government has the inside access to these algorithms in case they need to use them for implementation of the regulations or public security functions (McNab 2004)."
| |
|
Veterans Affairs Information Security, 2008.
Looks at mitigating information security vulnerabilities at the Department of Veterans Affairs (VA).
2,690 words (approx. 10.8 pages), 12 sources, APA, £ 56.95
»
Click here to show/hide summary
Abstract
This paper explains that information security at the Department of Veterans Affairs (VA) is very important because the VA is the largest administrator of healthcare services and insurance in the United States and provides a wide range of benefits and services for millions of American citizens, which involves extensive e-commerce. The author relates that a security problem in 2006 caused the Department to hire an outside consultation services to evaluate its information security procedures. The paper discusses this decision and describes the outsourcing process.
Table of Contents:
Introduction
Review and Discussion
Analysis of Outsourcing and Information Security Risks.
Costs and Benefits Relating to Outsourcing
Security Functions and Security Considerations when Outsourcing
Outsourcing Processes and Procedures
Conclusion
From the Paper
"In those cases where the decision is made to outsource a given security function, due diligence can be accomplished through the vendor selection process and the request for proposal (RFP); these reviews are essential when assessing the potential scope and impact of an outsourcing arrangement on IT processes, infrastructure and staff, and the probable size of the outsourcing contract. Moreover, crafting such an RFP for outsourcing a VA security-related IT function becomes even more critical than an RFP for other types of vendor arrangements."
| |
|
Electronic Information Security Documentation, 2006.
This paper discusses the need for security management in IT systems.
1,138 words (approx. 4.6 pages), 3 sources, MLA, £ 27.95
»
Click here to show/hide summary
Abstract
An overview of the existing security management software programs for computer systems and the risks of operating with a security management system that is not up to standard. This paper also reviews the security management systems that are currently being developed, keeping up with the dynamic pace of the computer world.
From the Paper
"The new standards as given in the recent security documentation methods provide some guidance, yet these methods do not guide the security officers engaged in the job. When the data is collected in the traditional formats, they may not provide good security, as most of this data will have to be regularly updated. There have been suggestions that a security officer with a database and GUIs may provide better security. This requires an improvement of the information system and the secure items have to be presented in a standard format. There are security officers even now, but they are involved with only security and their job is to check that systems are being implemented correctly. On the other hand, they should try to view the business risk due to security flaws and request for changes in the system from the point of view of better security.
To make this judgment, there is a requirement for assessment of risk and that is a time consuming job. Thus most of the concerned people prefer to work with more simplified models of the system and ask for estimates of risk from IT employees, which are subjective. In a complex system, this is not possible and is dangerous when the defects in information can cause harm to the organization in terms of money. This means that security officers should be ready with convincing documents to support views of their risk if the system fails due to any reason. Thus it is clear that security officers in organizations should be able to understand the importance of proper methods, but no system does that at present."
| |
|
Information Systems Security, 2004.
A discussion on the negative consequences to an organisation that suffers a major security breach to a core information system.
3,677 words (approx. 14.7 pages), 23 sources, MLA, £ 72.95
»
Click here to show/hide summary
Abstract
This paper discusses information systems (IS) security and focuses on three areas relating to IS security. These three sections cover the possible impact a major information security breach has on an organisation, the security frameworks an organisation should adopt to protect and information system and describe the OCTAVE risk based strategic assessment and planning technique specifically designed for information systems security.
Outline
Introduction
Information System Security Breaches ? Impacts on Organisation
Information Systems Security Framework
OCTAVE and Information Systems Security
Bibliography
From the Paper
"Information systems (IS) security is challenging most organisations in the world today. As organisations recognise the importance of information to compete and be successful in business, an increase in security awareness to protect this information has also followed. As a greater reliance has been placed of information systems by organisations, the need to protect IS systems have never been so relevant as they are today. Highly publicised security breaches have made organisations realise how this can affect business, particularly when it relates to confidential, financial and personal information."
| |
|
Information Systems Security Strategy, 2007.
A comparative analysis of the information systems security strategies of the Federal Bureau of Investigation (FBI) and the National Institute of Standards and Technology (NIST).
2,196 words (approx. 8.8 pages), 10 sources, APA, £ 48.95
»
Click here to show/hide summary
Abstract
This paper examines how, since the 9/11 incidents, information systems security has been a primary concern by all organizations as a result of the consequences that resulted in the loss of data and information in the ensuing attacks. It discusses the information systems security strategies of two federal agencies: the Federal Bureau of Investigation (FBI) and the National Institute of Standards and Technology (NIST). It looks at how these two distinct agencies are opposites in term of their mandates; one is the premier law enforcement and security agency of the nation that already has a hard core security function as its mission while the other one sets the standards in various aspects of technology and business processes.
From the Paper
"The FBI is the premier federal law enforcement and criminal investigative body of the United States. It is under the Department of Justice (DOJ) and has as its mission: "To protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners." Its current director, Robert S. Mueller III, literally went through a "baptism of fire" because of the 9/11 terrorist attacks. He was recently sworn in a week before the attacks (September 4, 2001) thus not having the luxury of a "honeymoon period" in the agency. In fiscal year 2006, the total budget of the FBI was approximately $5.7 billion, including $495 million in program increases to enhance counterterrorism, counterintelligence, cyber crime, information technology, security, forensics, training, and criminal programs ."
| |
|
Chief Information Security Officers, 2007.
This paper provides a phenomenological study of government and private industry chief information security officers (CISO).
7,554 words (approx. 30.2 pages), 15 sources, MLA, £ 116.95
»
Click here to show/hide summary
Abstract
In this work the writer seeks to identify the skill set of the CISO, or the chief information security officer, in the business world of today with the complex problems that are faced. It is the belief of the researcher that there must be special and identifiable attributes and through phenomenological study of a vast amount of literature, survey and case study documentation, this work seeks to make those identifications. This paper discovers that there are most certainly special attributes of these individuals in performing their role and successfully fulfilling their responsibilities in such roles.
Outline:
Abstract
Objective
Significance of the Study
Hypothesis
Rationale
Literature Review
Ten Top Challenges Rates by Federal CISOs
Critical Technology Ratings of 10 Federal CISOs
Federal CISO and CIO Responsibilities
Figures
Use of Security Tools and Technology
Summary of the Literature Reviewed
Theoretical Framework
Research Question
Data Collection and Analysis
Testable Hypotheses
Rival Hypotheses
Contribution to the Body of Knowledge
Research Methodology
Data Collection and Analysis Design
Project Plan for Execution of Design and Reporting Results
Projected Results and Presentation of Projected Results
Bibliography
From the Paper
"The rationale upon which this study is based is that in today's increasingly complex world of Information system and information technology and the applications that are utilized each and every day by the business and finance, economic, banking, governmental, and other transactions that are necessary for the world to function the responsibility that lay in the hands of the CISO, or 'Chief Information Security Office' is one of great import both in terms of their own stability, but the security of those depending upon them to carry that heavy load. There must be specific attributes that assist these individuals in skillfully carrying out their appointed role and that allows them to remain in their role successfully. This study seeks to identify a specific set of skills or attributes of these individuals through exploration of literature seeking to identify the same."
| |
|
Information Security.
This paper discusses the legal issues of information security in many countries, especially New Zealand.
3,085 words (approx. 12.3 pages), 15 sources, APA, £ 63.95
»
Click here to show/hide summary
Abstract
This paper explains that more legislation is needed to specifically address areas of information security. New Zealand's most recent legislation on computer crime, the Crimes Amendment Act of 2003, lends legal coverage for the genre of typical computer crimes, but does not address how to apply these laws in the real world. The author points out that Belgium has a specific law addressing computer forgery, computer fraud, hacking, and sabotage, making them criminal offenses; unauthorized access of a computer system carries a sentence of imprisonment of three months to one year, and if this crime is committed with the intention to defraud, the term of imprisonment may be from six months to two years. The paper relates that People's Republic of China's law, which criminalizes unauthorized surveillance of information systems, imposes a fine in the amount of one to three times as much as the amount of the illegal income, and the confiscation of illegal income from these sales.
From the Paper
"In particular, New Zealand companies have faced severe information security threats and resulting legal challenges, which the New Zealand government has addressed through legislation. Even as recent as 1997, New Zealand has faced difficulties with prosecuting information technology crimes as a result of a lack of Parliament Acts that provide laws relating to information technology crimes. Before the introduction of Acts between 2003 and 2004, prosecutions were attempted using laws that were designed before computers were commonplace and did not adequately address the advancements in information technology."
| |
|
Teenager's Awareness of Information Security, 2008.
A research proposal for an analytical assessment of teenagers' awareness and their lack of implementing information security and online privacy concepts.
8,487 words (approx. 33.9 pages), 13 sources, APA, £ 126.95
»
Click here to show/hide summary
Abstract
This work contains a research proposal for a behavioral medication intervention for teens ages 12 to 17, as well as for their parents and peer-groups. It presents an initiative to facilitate a change in behavior relating to the way teenagers perceive information technology security and privacy identification issues and threats while interacting with media via the Internet.
Table of Contents:
Chapter 1 - Introduction to the Study
Introduction
Statement of the Problem
Background of the Problem
Purpose of the Study
Research Design
Scope and Delimitation
Limitations
Theoretical Conceptual Support for the Study
Assumptions
Research Questions
Significance of Study
Social Change
Definition of Terms
Acronyms
Summary
From the Paper
"The research design of this study is qualitative in nature and will be implemented through survey/questionnaires and focus group studies using behavioral modification intervention which makes the individuals ages 12-17, their parents, and their peer-groups cognitively aware of the inherent dangers when interacting with media via the Internet and which is geared toward changes that will ensure safety and security for these individuals when participating in online media communities. This intervention is to be introduced at the community level. Peer-group and parent support will provide the necessary supports needed to reinforce the behavioral changes for this age group and further the information provided to the parents will ensure that they have the necessary knowledge and capacity to ensure that they are positive reinforcers of safety and security issues. Peer-group normative behavior will further assist in this behavioral change as the normative behavior is established and then reinforced in and among members of the peer group in relation to Internet safety and security measures."
| |
|
Information Technology Security, 2007.
An analysis of information technology security and steps to be taken to prevent its breach.
895 words (approx. 3.6 pages), 2 sources, APA, £ 22.95
»
Click here to show/hide summary
Abstract
This paper discusses various concepts regarding information technology security. Specifically, it focuses on denial of service (DOS) attacks and describes measure that can be taken by Internet community members to prevent them. It then looks at digital certificates and signatures and what steps the sender and receiver must take in order to send or receive a digital signature. The paper concludes by discussing cryptographic systems.
Table of Contents:
DOS Attacks
Digital Certificates
Digital Signatures
SSL/TLS and PPTP as Cryptographic Systems
From the Paper
"In the security triad of confidentiality, integrity and availability, extreme implementation to any one of the three will render the two others as weak. Hence, if too much emphasis is put on security by protecting the level of confidentiality availability and integrity of the system will be compromised. If users are given too much access (availability) to the system, then confidentiality will suffer. Although weak cryptographic protocols, SSL/TLS and PPTP are still widely used because they are easy to deploy and implementation is simpler. If the system being protected is not highly confidential, then these three protocols are enough to serve its purpose. For more secure systems, newer and more advanced systems (more difficult to implement) must be used to attain the required level of security."
| |
|
Information Security Management, 2002.
Why information security management is essential for a proper e-commerce business.
2,150 words (approx. 8.6 pages), 8 sources, £ 56.95
»
Click here to show/hide summary
Abstract
This paper discusses the importance of information security management in the development of e-commerce businesses.
| |
|
Microsoft Security Risk Management, 2006.
This paper examines what critical success factors Microsoft uses to successfully manage risk and whether those practices might be useful or practical for other companies to adopt.
3,208 words (approx. 12.8 pages), 9 sources, MLA, £ 65.95
»
Click here to show/hide summary
Abstract
Security risk management is a vital tool ensuring the continued success, productivity and stability of organizations across the globe. The writer explains how it is increasingly vital in our technology driven and global marketplace that organizations find ways to mitigate the increased risks associated with doing business in their environment. The paper analyzes Microsoft's security risk management program and discusses how this involves a proactive approach to risk management. The paper then concludes that organizations large and small can adopt the principles outlined in the system successfully, as long as they keep in mind their own industry and resources when doing so.
From the Paper
"Historically as organizations have grown technologically new security risks have become imminent that must be addressed. Today organizations are connected through IT infrastructures that operate in an environment considered "increasingly hostile" where "attacks are being mounted with increasing frequency" and occurring over shorter periods of time (Microsoft, 2004). There are many factors that contribute to increased risk including higher levels of volatility within financial markets, rapid advances in technology and increasing globalization in the marketplace (Simons, 1996). The rise in transaction volume in markets has also contributed to increased threats and risk, though many risks can be calculated and prepared for (Simons, 1996).
Unfortunately in the past many organizations have been slow to respond to security threats, resulting in increased impact on business processes and procedures. Microsoft has concerned itself among other things with managing the security and safety of its infrastructure to ensure business values to customers both internal and external."
| |
|
Information Systems and Security, 2008.
This paper critically examines the information systems of the United States with regards to the struggle against terrorism.
2,977 words (approx. 11.9 pages), 10 sources, APA, £ 61.95
»
Click here to show/hide summary
Abstract
The paper examines the Department of Homeland Security (DHS) and looks at how the United States' information systems fail to meet the tests of universality and of platform and operating systems compatibility. The paper then looks at how border security and the war against bioterrorism have been facilitated by cutting-edge technologies that are compromised by the same interoperability issues. The paper concludes that the failings of the DHS is proof that a more streamlined, centralized data-gathering and data-exchange process is needed.
Outline:
Abstract
Introduction
Information Systems and Standards Universality, Oversight and Compatibility: the Case of the United States Government
Federal Information Systems and the Border
A brief Look at Federal information Systems and Bioterrorism
Future Vision
Conclusions/Summary
From the Paper
"A Government Accountability Office Study conducted in June of 2005 found many problems with the information system in place at the Department of Homeland Security - problems that clearly reveal logistical and planning problems that must be overcome both in the public and in the private realms if the terrorist threat is to be appreciably reduced. To begin with, if the DHS is to be held up as an example, the United States government has done a desultory job of putting in place universal information security practices and controls. Things like a proper risk assessment, security plan, a regime of security tests and evaluations, remedial action plans, and a structure for the continuity of operations have (in one way or another) fallen short of expectations or have simply been absent (Government Accountability Office, 2005)."
| |
|
Information Security and E-Commerce, 2008.
A review of the Internet and the security risks that are associated with this technology.
4,025 words (approx. 16.1 pages), 20 sources, APA, £ 76.95
»
Click here to show/hide summary
Abstract
The paper discusses the growth of the Internet and the use of computer-based systems in business and warns that all businesses should be aware of the impact which this has on their practice. The paper highlights that risk management is important to ensure that the risks from their data storage and sharing procedures are minimized. The paper states that this is important in maintaining the integrity of the business and also ensuring that the safety of the customers is maintained. The paper confirms that there are various standards and practices which are in place to ensure that sufficient practices are maintained.
Outline:
Risk Management
COSO Report
SAS 78
Mutual Aid Pacts
Importance of Computer Information Standards
ISO Development
Computer Emergency Response Co-ordination Centre (CERT)
Cryptography, Identification and Firewalls
Electronic Payment Methods
Web-based Marketing Methods
From the Paper
"Risk management is the process in which the potential risks to any information system are identified, measured and minimized. This is achieved by limiting the number of uncertain events which may occur in order to prevent harm occurring to the system. Risk management is an important component of internal control. Internal control is the process where the internal risks to a company are controlled. This includes ensuring that all relevant legislation is adhered to, that all financial information is adhered to and that operations are efficiently run. The COSO Report and SAS 78 are two important frameworks which ensure that internal control is maintained, each containing elements relating specifically to risk management."
| |
|
Electronic Health Information Security, 2008.
A review of the security aspect and risks involved in electronic computer systems.
1,297 words (approx. 5.2 pages), 5 sources, APA, £ 30.95
»
Click here to show/hide summary
Abstract
The paper relates that computer technology evolved from large mainframe computers, programmed with punch cards and
occupying entire rooms, to desktop computers, portable laptops etc.. Processing power has increased exponentially, and microchip technology now enables watches and toys, to surpass the computing power of the computers that NASA used for the Apollo program. This rate of progress will continue, with processing power increasing steadily, reaching the limit of microchip technology. The paper highlights the threats to computer networks and elaborates on them. It also comments that in spite of all this progress in technology, persons employed in the industry are sometimes not aware of the consequences of failing to safeguard the information in a manner commensurate with its value and the risks associated with its unauthorized disclosure.
Outline:
External Threats to Electronic Healthcare Information
Internal Threats to Electronic Healthcare Information
Physical Loss of Electronic Healthcare Information
Conclusion
From the Paper
"In 1995, the World Wide Web launched the modern era of electronic
communications, and with it, the need to secure sensitive data to multiple forms of theft and unauthorized access. Shortly thereafter, with health insurance fraud, identity theft, and white-collar crimes against business organizations like mortgage fraud at the top of
the list of growing crimes by the last decade of the 20th century, federal legislation went to effect in 1996 in the form of the Health Insurance Portability Act (HIPAA) that, as part of its comprehensive administration of employment health insurance benefits, also tightened measures to maintain the privacy of patient information throughout the healthcare system. "
|
|
|
