Identify strategy objectives for information security that will meet the needs of Jashopper. Kindly justify the inclusion of proposed objectives.
These objectives will help Jashopper safeguard and protect its information, which it will do through Secom. One strategy is server hosting with security features such as firewalls and hacker monitoring. Another strategy would be ‘advanced housing’, which provides racks; the security features in this case likewise include firewalls and hacker monitoring. The company should keep all firewalls up to date by fixing any problems, and should ensure that system administrators handle all firewall vulnerabilities. The company should also employ a cyber security professional.
There are three main goals for information security: confidentiality, availability and integrity. Confidentiality means that information in the system should be safe and protected from unauthorized people. Integrity means that the information should be whole and complete: unauthorized people should not alter the information in the system, since this would make it unreliable for its purposes. Availability means that information requested by authorized users should be available on request.
Security breaches can be prevented in several ways. Jashopper can raise awareness among all computer users within the company. Jashopper should use SSL connections for all transactions that involve money and for all private information. Another strategy is using symmetric keys, with encryption and decryption, for all transactions. Installing anti-virus software would protect the system from crashes and from viruses that might tamper with the information in the system. Jashopper should keep its database of virus signatures up to date and use cleaning software. The company should install a good firewall system that will protect the system from attacks such as DoS and Trojans.
Jashopper should adopt a monitoring and protection service that will provide security for the company’s data and information. To supplement the monitoring and protection service, the company should buy and install firewalls. The company should also purchase intrusion-detection software and hire staff with the knowledge and skills needed to maintain it. Basic security functions should be included to enhance the monitoring and protection service. Installing an intrusion detection service would be a good strategy for Jashopper. An intrusion detection service identifies potential and actual security breaches. The intrusion detection device then informs system administrators of the breach by phone or email. Another strategy would be an intrusion prevention service, which stops harmful packets and shuts out intruders.
Another information security strategy that Jashopper can adopt is an identification and access control system. This service is based on a card that contains an IC chip. Officials use this card as an identification card. The card serves many applications, including tracking entry logs and limiting access to rooms and personal computers. Through the identification card, system administrators can know who entered a room and at what time he or she did so. The card also informs system administrators of who has sent or exposed information from the personal computers in the company.
Adopting a total security assessment of the weaknesses in the network, the system and the physical environment that can lead to security breaches is essential for the company. An assessment service that checks for and identifies security weaknesses in the system, and informs system developers and administrators of the threat, is vital for the organization. The system administrators should act on the threats and ensure that information is secure. The assessment service identifies worms and viruses that might cause tampering of information.
Develop information security strategy critical to Jashopper’s core business. Kindly explain main components of proposed security strategy.
An information security strategy is a plan for the mitigation of risks that complies with legal, contractual, statutory and internally developed requirements. Developing an effective information security strategy requires defining the control objectives, identifying and assessing approaches to meet those objectives, selecting controls, establishing benchmarks and metrics, and preparing testing plans.
Selection of controls is grounded in a cost comparison of the different strategic approaches to mitigation of risks. The cost comparison contrasts the costs of the approaches with the potential gains that an institution can realize in terms of the confidentiality, integrity and availability of systems and data. These gains include reduced financial losses, increased customer confidence, positive and accurate audit findings, and regulatory compliance. All approaches should include policies, procedures, standards, technology design, resource dedication, testing and training (Whitman & Mattord, 2012).
Development of an information security strategy should aim at ensuring that information held by Jashopper is safe. Jashopper should focus on protecting the core business. This will ensure that it stays in the market and that competition does not affect it. For Jashopper to succeed in a market where competition is stiff, it has to develop information security that will ensure that other key players in the market do not get hold of its information. Efficient information security means that the company will benefit from effective information technology. There should be an effective way for Jashopper to send and retrieve information without compromise. Information technology makes business easy to conduct, but it is prone to tampering. Information security ensures that this does not happen.
Will you recommend Jashopper to manage information security internally or transfer it to other external partners? Kindly justify your position.
I would recommend that Jashopper manage information security internally. Internal management of information security ensures that the company stays on track with the security of its data. External management means that many people will have access to company data. The danger with this is that external system administrators might tamper with company data and reveal sensitive information to competitors. I would advise Jashopper to use internal management of information security. Managing information security internally dispenses with the need for the company to employ external partners. This saves the company the money that it would have spent paying external managers to manage information security.
Internal personnel charged with the responsibility of managing information security are acquainted with the company. This is because they have access to confidential information of the company. These personnel are valuable to the company and contribute to its growth. Another benefit of using internal managers rather than external managers to manage information security is that these personnel can cope with non-recurring and other exceptional jobs that external managers cannot deal with effectively. Use of internal managers to manage information security ensures that Jashopper’s standard policies run smoothly. External managers may not effectively manage information security with compassion since they do not work within the company. Internal management of information security also creates a good training ground for future employees to manage information security (Whitman & Mattord, 2012).
Identify relevant constraints in developing and implementing information security strategy for Jashopper
In the development and implementation of an information security strategy for Jashopper, there are several relevant constraints that would limit the achievement of the goals of the organization. One essential constraint or challenge in the implementation process is inadequate financial resources. Secom presents three different information strategies with the aim of enhancing the security system of the organization. For each of these alternatives, the critical factor in its adoption or implementation in the context of the organization is the financial factor. Lack of adequate financial resources will limit realization of the goals and security objectives by Jashopper. Another essential and relevant constraint in the implementation of the information security strategy is the lack of sufficient human resources or capital for the completion of the project.
For quality implementation of the strategy, it is essential for the organization to have adequate and trained human capital. Lack of expertise among the personnel will hinder the development and implementation of the information security strategy for Jashopper. Improper planning will also hinder it. An effective and efficient planning process is an essential concept in the development and implementation of the information security strategy in any organization. Lack of quality planning will affect the efforts of the organization to maximize the utility of the available resources in the development and implementation of the information security strategy. Another essential obstacle to realizing the goals of the information security strategy is ineffective transmission or communication of the objectives to the relevant authorities.
The organization should communicate this strategy to all entities. This makes it vital to adopt and integrate effective communication systems with the aim of realizing the goals of the information security strategy. Lack of quality communication systems will limit the ability of the organization to transmit its objectives and mission in the implementation of the information security strategy. Implementation of quality communication systems will contribute towards maximization of the relevant opportunities because every entity within the organization will focus on the application of the strategy.
Which Secom Proposal alternative will you recommend to Mamoru Sekine, CEO of Jashopper? Why? What additional security services or products will you recommend that are not included in the proposal? Kindly justify their importance for Jashopper.
I would recommend the third alternative, in which the organization adds a service to evaluate the vulnerability of its physical and cyber security. In this alternative, the organization will be able to use the Secom Total Security Assessment service to analyze its current security levels. This is through application of four perspectives or viewpoints: organization/policies/system, data access control, physical security, and network security.
This alternative will also offer an opportunity for the organization to clarify its risk tolerance. The organization will also have the opportunity to identify priorities and the relevant costs of the various security measures. This alternative is essential for the organization in that it will also enable the organization to minimize the cost of developing and implementing the security system, and thus provides an opportunity to maximize its output. This relates to the low financial resources required to execute the third alternative in realizing the mission of the organization in developing and implementing an effective information security strategy (Warren et al., 2005).
In addition to the above alternative in the information security strategy, I would recommend the implementation of various security mechanisms with the aim of eliminating inside and outside security threats. This will focus on integrating the mechanisms into the information security strategy to enhance the security of the communication systems of the organization. One of the essential mechanisms is a one-way hash function, which transforms its input into a fingerprint. Some of the hash functions for enhancing the security system include SHA, RIPEMD, and MD (ISPEC, 2009). This mechanism will enhance the ability of the systems to evaluate the communication processes.
Hash functions do this through their fundamental role in digital signatures. Another concept is the implementation of symmetric algorithms, that is, cryptographic algorithms that enhance the security system of the organization. It is vital for the organization to integrate encryption and decryption keys to minimize the vulnerability of the systems shared with various entities of the organization. These mechanisms are essential and vital for the development of the organization because of their effectiveness and efficiency in realizing the targets of the strategy in eliminating threats (Nemati, 2011).
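An added example, not part of the original essay, of the one-way hash and symmetric-key ideas above: a SHA-256 fingerprint reveals that a record changed, while a keyed hash (HMAC, a symmetric-key mechanism rather than encryption) also holds up when someone alters the record and recomputes the fingerprint. The order record, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a hypothetical order record and a demo key.
ORDER = {"order_id": 1001, "customer": "demo-user", "amount_jpy": 4800}
SECRET_KEY = b"demo-key-not-for-production"  # assumption: shared out of band


def canonical(record: dict) -> bytes:
    """Serialize deterministically so equal records hash identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(record: dict) -> str:
    """Unkeyed one-way hash (SHA-256): anyone can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA-256: only holders of the symmetric key can produce it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_tag(record: dict, tag: str, key: bytes) -> bool:
    """Constant-time comparison avoids leaking how many characters match."""
    return hmac.compare_digest(keyed_tag(record, key), tag)


def demo() -> dict:
    stored_hash = fingerprint(ORDER)
    stored_tag = keyed_tag(ORDER, SECRET_KEY)
    # The record is altered by someone who can rewrite the stored hash
    # but does not hold the key, so any tag they compute uses a wrong key.
    tampered = dict(ORDER, amount_jpy=48)
    replaced_hash = fingerprint(tampered)
    wrong_key_tag = keyed_tag(tampered, b"not-the-real-key")
    return {
        "hash_detects_change": stored_hash != fingerprint(tampered),
        "replaced_hash_passes": replaced_hash == fingerprint(tampered),
        "original_tag_valid": verify_tag(ORDER, stored_tag, SECRET_KEY),
        "old_tag_on_tampered": verify_tag(tampered, stored_tag, SECRET_KEY),
        "wrong_key_tag_on_tampered": verify_tag(tampered, wrong_key_tag, SECRET_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The plain fingerprint only helps when the reference value is stored where the record's editor cannot rewrite it; the keyed tag removes that dependency as long as the key stays secret.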
References
Warren et al. (2005). Secom: Managing Information Security in a Risky World. Nikkei Newspaper, July 19, 2005.
ISPEC 2009, Bao, F., Li, H., & Wang, G. (2009). Information security practice and experience: 5th international conference, ISPEC 2009, Xi’an, China, April 13-15, 2009: Proceedings. Berlin: Springer.
Nemati, H. R. (2011). Pervasive information security and privacy developments: Trends and advancements. Hershey, PA: Information Science Reference.
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.